There is 1 open security issue in buster.
There is 1 open security issue in bullseye.
commit 675c4cc6652c46d16c00e447178c91dfbb0ed6d6 Merge: 76687a5fe5 fce07dc616 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Mon May 16 22:59:07 2022 +0200 Merge branch 'debian/unstable' into debian/experimental commit 76687a5fe5815393a29705cfdaa6692cba00baa9 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sat May 14 22:26:02 2022 +0200 Prepare 3.0.3-3 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit f55cef1035fc3dc4e1b90783cbb567937143856b Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sat May 14 21:50:22 2022 +0200 Record the ia64 bug. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 4d5ae11ef44e4a449ee4aaae6576e0174611c991 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sat May 14 19:40:40 2022 +0200 Don't build ev4/ev5 binaries on alpha. Due to a mistake on my side, the ev4/ev5 libraries were built but never actually on alpha. This has been noticed because newer dh_install 13 now complains about built but not installed files. I have no idea how to quickly get this done and these were missing since I rewrote rules files. Disable the build for now and maybe figure it out later. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 74633b81566a68de67f045eecab21f35e6f89fde Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sat May 14 19:28:24 2022 +0200 Don't zero registers on ia64. The produced .s file fails to be assemled. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 3d6e17a648f4624f8142f6513449e011e3e5781f Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sat May 14 19:21:35 2022 +0200 Revert the .s for the ia64 assembler. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit c7f855aa77c3ef66f6c46cf246e4f8b41babd060 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 13 23:25:11 2022 +0200 Prepare 3.0.3-2. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 665fb29c9b1d6728e4da369ea3e53e8a21a9556d Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 13 23:24:34 2022 +0200 Make the upload to unstable. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 4be53bca5ec9fcccd42acd0a57032a9a0846b004 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 13 23:12:31 2022 +0200 Use dh commpat 13. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 4b63ee42214ca7bf16db27e28ba2e4c6c426bcf5 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 13 23:08:44 2022 +0200 Use version 4 for the debian/watch file. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 02d54f7ab2d30b7052a33731ab18b06290b5f11c Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 13 22:52:44 2022 +0200 Add a list files which are not installed. dh complains and the html documentation is currently not packaged. Also the dist files are ignored. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit cdc804c901b60a497295c7f69c1719a4c5580b5c Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 13 22:37:42 2022 +0200 Update Standards-Version version. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit d4c179edb5baa0a51bb1f1d6b1c0dd5e506307a7 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 6 22:22:01 2022 +0200 Prepare 3.0.3-1. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit fce07dc61662596fd6d8dee0cf3d1c44383179f1 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 6 22:21:05 2022 +0200 Prepare 1.1.1o-1. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 3563904750256b1d7a4ac97009921ddf48e0a0bf Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 6 22:16:59 2022 +0200 Close another one with the script removal. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 754077029d34bc6baaf041deed1ae20f9bbc587a Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 6 22:06:56 2022 +0200 Remove the postist script its template and translations. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit d19f4895bd2790b872470f3e7edd9e9c0354aa0c Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 6 21:54:01 2022 +0200 Use a separator. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit fd3bcbc010322c7d21dbf6e9405438af33bbd0cd Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 6 22:06:56 2022 +0200 Remove the postist script its template and translations. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 87e769f0a7204ab02f424c9d102997125ecb867f Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 6 21:49:52 2022 +0200 Use a separator. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 5433bf1ddbbbf91d767340b46fa36710caebfb78 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri May 6 21:44:18 2022 +0200 Orig tar is signed with sha256 Hope it stays. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 11cab71f7dcc813ac337babfab6335b70cb806a2 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Thu May 5 23:42:32 2022 +0200 Add new symbols. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 04ecf0757a7a866e65e8575230ad6a8a42e0198b Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Thu May 5 23:27:17 2022 +0200 Import 3.0.3 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit c1def31d2ddec80999f626187fe38fde3c2130f0 Merge: b507914c40 5784ad8a86 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Thu May 5 23:19:28 2022 +0200 Update upstream source from tag 'upstream/3.0.3' Update to upstream version '3.0.3' with Debian dir 9bf21019ef6814893f905bda21978a842b2b1cee commit 5784ad8a8636392efc081a78e04ae7d897f28f79 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Thu May 5 23:19:28 2022 +0200 New upstream version 3.0.3 commit adedec52eaf55254a2aa53d9bf5676749fdb3cdf Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Thu May 5 07:34:36 2022 +0200 Import 1.1.1n Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 51481524d23783e09ade68eafa62c5c00bfc0d89 Merge: 82d5b721c5 3696544aa5 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Wed May 4 20:41:06 2022 +0200 Update upstream source from tag 'upstream/1.1.1o' Update to upstream version '1.1.1o' with Debian dir 668362d0ef4fc2f5b06c40ab9939ff6b137df2d3 commit 3696544aa5b7b3c80c7893d428a74534c6dcd1ca Merge: e567245f45 ca2e0784d2 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Wed May 4 20:41:06 2022 +0200 New upstream version 1.1.1o commit ca2e0784d2c38edcefd5d68028f4d954bd8faddb Author: Matt Caswell <matt@openssl.org> Date: Tue May 3 14:41:15 2022 +0100 Prepare for 1.1.1o release Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes commit b5b37553bcf9b90a5be5d8ed573b377d1766bd95 Author: Matt Caswell <matt@openssl.org> Date: Tue May 3 11:54:12 2022 +0100 Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes commit 58d24ad926e3ccb30be9254cd1c7acbfac35a568 Author: Matt Caswell <matt@openssl.org> Date: Tue Apr 26 14:39:34 2022 +0100 Update CHANGES and NEWS for new release Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes commit 76eb96b656f742be4c2e6d83d621af22031953cb Author: Tomas Mraz <tomas@openssl.org> Date: Fri Apr 22 16:34:53 2022 +0200 Add additional keys to release key fingerprints Added keys for Paul Dale and Tomáš Mráz. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18156) commit e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 Author: Tomas Mraz <tomas@openssl.org> Date: Tue Apr 26 12:40:24 2022 +0200 c_rehash: Do not use shell to invoke openssl Except on VMS where it is safe. This fixes CVE-2022-1292. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Matt Caswell <matt@openssl.org> commit b507914c40270e32cde6afcc8af93707c225e7f4 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sun May 1 09:22:48 2022 +0200 Correct the openssl.cnf to provide proper default configuration. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 982fad3ec4107684a6cb442f593193972b06c41a Author: Paul Kehrer <paul.l.kehrer@gmail.com> Date: Sat Apr 24 15:55:08 2021 -0500 add wycheproof submodule This is used with the pyca/cryptography test suite (cherry picked from commit a09fb26ba90e46c4f731b5a597051b4d4b9aea3e) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16340) commit 2cf22024e82d59280616a16ef9b5c264cb1d70e1 Author: Nicola Tuveri <nic.tuv@gmail.com> Date: Tue Apr 26 12:49:31 2022 +0300 [github-ci] Sync pyca workflow with master Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16340) commit 25f4bf08c71a81d0a8a50f89a344d8013b55716c Author: Nicola Tuveri <nic.tuv@gmail.com> Date: Tue Aug 17 13:03:56 2021 +0300 Revert "[github-ci][ci.yml] Disable pyca external tests" This reverts commit 850ed18505631286abbd23d355d4b48f28ad89a9. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16340) commit 91db522f31981b3fafdec4120de1027e8bc4d792 Author: Daniel Fiala <daniel@openssl.org> Date: Mon Apr 18 11:30:13 2022 +0200 x509: use actual issuer name if a CA is used Fixes openssl#16080. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18129) commit 564a8d442cbd8ce68d452ff2e8a58c0aea6b0632 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Mon Apr 11 10:12:48 2022 +0200 Fix an assertion in the DTLS server code This fixes an internal error alert from the server and an unexpected connection failure in the release version, but a failed assertion and a server crash in the debug version. Reproduce this issue with a DTLS server/client like that: ./openssl s_server -dtls -mtu 1500 ./openssl s_client -dtls -maxfraglen 512 In the debug version a crash happens in the Server now: ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written Aborted (core dumped) While in the release version the handshake exceeds the negotiated max fragment size, and fails because of this: $ ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ERROR 4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826: shutting down SSL CONNECTION CLOSED From the client's point of view the connection fails with an Internal Error Alert: $ ./openssl s_client -dtls -maxfraglen 512 Connecting to ::1 CONNECTED(00000003) 40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80 and now the connection attempt fails unexpectedly. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18093) (cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103) commit 6e73a0a0bd608daecb8e2c1e46de9d1014194c84 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Tue Apr 12 08:27:21 2022 +0200 Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION This causes the DTLS server to enter an error state: ./openssl s_server -dtls ./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt [...] Q ./openssl s_client -dtls -sess_in s1.txt CONNECTED(00000003) ^C ./openssl s_client -dtls CONNECTED(00000003) 140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40 At this point the dtls server needs to be restarted, because verify_cookie_callback always fails, because the previous cookie is checked against the current one. The reason for this is not fully understood. In wireshark we see the following each time: c->s Client Hello (without cookie) s->c Hello Verify Request (with new cookie) s->c Alert (Level: Fatal, Description: Handshake Failure) c->s Client Hello (echoes new cookie) The client gives up when the Alert arrives. The Alert is triggered because the server calls verify_cookie_callback with the previous cookie, although it just sent the current cookie in the Hello Verify Request. However this does only happen because no Alert message is sent when the client re-connects the session with the missing -maxfraglen option. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18094) commit a1d3ecd7adf9f17ba20b061106088d13f8b77c03 Author: Todd Short <todd.short@me.com> Date: Fri Apr 1 10:54:45 2022 -0400 Fix -no-tls1_2 in tests This is specific for OpenSSL_1_1_1-stable branch Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/18080) commit c1c7004e7fcddcbb767c47f8dc1831c4637d1b74 Author: Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com> Date: Tue Mar 29 21:50:21 2022 +0200 err: get rid of err_free_strings_int() Even though the function is not part of the public api, it is not entirely removed, in order to minimize the chance of breakage, because it is exported from libcrypto. Instead, we keep a dummy implementation. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17975) commit 2b6617511e424e5a0e8b841918ad2cae864e2699 Author: Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com> Date: Mon Mar 28 19:26:46 2022 +0200 err: fix indentation of preprocessor directive Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17975) commit fdc4646d5eb03e9e3d14ed496bf655671240193a Author: Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com> Date: Mon Mar 28 11:47:55 2022 +0200 err: fix crash in ERR_load_strings() when configured with no-err This commit removes the entire initialization and cleanup of the error string hash table (`int_error_hash`) if `no-err` is configured. The only operative function remaining is `ERR_get_next_error_library()`. That is the reason why the `err_string_lock` and hence the `do_err_strings_init()` function can't be removed entirely. Fixes #17971 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17975) commit 93ac3b8dd1cc49b27c402278cbe73a1c4ac91f9b Author: Hugo Landau <hlandau@openssl.org> Date: Mon Apr 4 12:25:16 2022 +0100 Fix failure to check result of bn_rshift_fixed_top Fixes #18010. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18034) (cherry picked from commit bc6bac8561ead83d6135f376ffcbbb0b657e64fe) commit 3e8f70c30d84861fcd257a6e280dc49e104eb145 Author: Matt Caswell <matt@openssl.org> Date: Wed Mar 30 14:49:24 2022 +0100 Fix usage of SSLfatal A cherry-pick from the master branch incorrectly introduced a usage of 3 argument SSLfatal. In 1.1.1 the function code is also required. Fixes #17999 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18000) commit f29ec6563ddf81db46c464d14f2bb29a3fa5592f Author: Tomas Mraz <tomas@openssl.org> Date: Tue Mar 22 16:33:52 2022 +0100 Test processing of a duplicated HRR Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17936) (cherry picked from commit db44b55aaa42141921217183667800425227b658) commit fb67978a9eb076b23ddf17f6b95f697ed526c584 Author: Tomas Mraz <tomas@openssl.org> Date: Tue Mar 22 12:34:07 2022 +0100 tls_process_server_hello: Disallow repeated HRR Repeated HRR must be rejected. Fixes #17934 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17936) (cherry picked from commit d204a50b898435fbf937316d5693008cebf62eef) commit 739d2bdfba536ff59e8444eb4295b53288ac5caf Author: Todd Short <todd.short@me.com> Date: Fri Mar 25 13:34:11 2022 -0400 Fix: ticket_lifetime_hint may exceed 1 week in TLSv1.3 libctx was left in cherry-pick from master/3.0 cherry-pick Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/17970) commit 79dbd85fe27ebabc278417af64ab8e3eb43d2d40 Author: Todd Short <todd.short@me.com> Date: Wed Mar 23 18:55:10 2022 -0400 ticket_lifetime_hint may exceed 1 week in TLSv1.3 For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446 Fixes #17948 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17952) (cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492) commit 04a768fc5968fa463cf9624a67accdef35bce0e4 Author: Juergen Christ <jchrist@linux.ibm.com> Date: Wed Mar 23 13:26:13 2022 +0100 s390x: Hide internal cpuid symbol and function The symbol OPENSSL_s390xcap_P and the OPENSSL_cpuid_setup function are not exported by the version script of OpenSSL. However, if someone uses the static library without the version script, these symbols all of a sudden become global symbols and their usage in assembler code does not correctly reflect that for PIC. Since these symbols should never be used outside of OpenSSL, hide them inside the binary. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17946) (cherry picked from commit 37816ef5757e458be9648481e56bf698ee3bfbb1) commit 00e5603de13e4f436a0f07abed28b7ea8e3a236e Author: Pauli <pauli@openssl.org> Date: Wed Mar 16 14:13:25 2022 +1100 Fix Coverity 1498612: integer overflow The assert added cannot ever fail because (current & 0xFFFF) != 0 from the while loop and the trailing zero bit count therefore cannot be as large as 32. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/17892) (cherry picked from commit 81487b65b9eb8148471e729b8c1959521d62c69e) commit eed53b9addd097a5d39f896b05aa857d6f29b245 Author: Hugo Landau <hlandau@openssl.org> Date: Fri Mar 11 08:36:11 2022 +0000 Fix integer overflow in evp_EncryptDecryptUpdate Fixes #17871. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17872) commit ad24941228eafe59fe3807d1659585c4d98eac97 Author: Pauli <pauli@openssl.org> Date: Wed Mar 16 13:48:27 2022 +1100 Fix Coverity 1201763 uninitialised pointer read Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17890) (cherry picked from commit a0238b7ed87998c48b1c92bad7fa82dcbba507f9) commit cd2471cd797ae5a6355814bb14a176af6a7d883f Author: Pauli <pauli@openssl.org> Date: Wed Mar 16 14:21:01 2022 +1100 Fix Coverity 1498611 & 1498608: uninitialised read Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17893) (cherry picked from commit 09134f183f76539aa1294adfef10fcc694e90267) commit 2f1c42553dbaac97d38657cd1ac1209ef4c11e78 Author: Pauli <pauli@openssl.org> Date: Wed Mar 16 14:45:44 2022 +1100 Fix coverity 1498607: uninitialised value Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17897) (cherry picked from commit 70cd9a51911e9a4e2f24e29ddd84fa9fcb778b63) commit e567245f45e276a5b0dde456f485e8c505c2a1be Merge: 364d9696f1 d82e959e62 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri Mar 18 19:28:05 2022 +0100 New upstream version 1.1.1n commit 364d9696f1628fb751828c8905a4646d1813ab83 Merge: 1f22415412 d82e959e62 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri Mar 18 18:55:20 2022 +0100 New upstream version 1.1.1n commit 0d9f48d079cbbe85c684c2215955c2a70b2d1c6b Author: David Carlier <devnexen@gmail.com> Date: Wed Mar 16 23:21:58 2022 +0000 print SSL session, fix build warnings on OpenBSD. time_t is a 64 bits type on this platform. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17917) (cherry picked from commit 9362638b080e328ccab43f89048bed27bcf2f11d) commit d6bf4a2218aeb246ba7d34f02e895c37569c8265 Author: Tomas Mraz <tomas@openssl.org> Date: Wed Mar 16 12:09:52 2022 +0100 eng_dyn: Avoid spurious errors when checking for 3.x engine Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17902) commit 0a9bb445893b4a98ad1588aef2d14c29e6c4c5e3 Author: Daniel Fiala <daniel@openssl.org> Date: Wed Mar 16 07:42:55 2022 +0100 Check password length only when verify is enabled. Fixes #16231. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17899) commit 0dfacc00afec4bfc15b5b0066fe24e91f6cb5371 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Tue Mar 15 20:55:04 2022 +0100 Releasea 3.0.2-1. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit ca6297108e4a0fa0ae883836b9fd83bdb9af230b Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Tue Mar 15 20:03:38 2022 +0100 debian/symbol: Drop that alpha reference from the symbol file. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 2c45b7f1a824794151d7df2c8d4531f3ecc944f4 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Tue Mar 15 20:02:57 2022 +0100 Import 3.0.2 and add a reference for the CVE that wasn't mentioned in 3.0.1. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit c1a1ee96ae38668a199296abb24f780c3e17ae71 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Tue Mar 15 19:56:59 2022 +0100 New upstream version 3.0.2 commit 07f3792df153c908704864424535b9ea8383684b Merge: 4e9a8e9944 c1a1ee96ae Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Tue Mar 15 19:56:59 2022 +0100 Update upstream source from tag 'upstream/3.0.2' Update to upstream version '3.0.2' with Debian dir fb0b281d66034700d85f6d43fc1e0652dfecc778 commit 82d5b721c581a7d82a9fcdaaedf842fe3bebb840 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Tue Mar 15 19:46:27 2022 +0100 Release 1.1.1n-1. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 20c77d645785114693c4ac443f2e93da52114935 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Tue Mar 15 19:45:55 2022 +0100 Import 1.1.1n-1 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit dd20f03636dc44f1b3aa53be539c59cb7bf8d385 Merge: 1af8a4ce17 1f22415412 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Tue Mar 15 19:39:54 2022 +0100 Update upstream source from tag 'upstream/1.1.1n' Update to upstream version '1.1.1n' with Debian dir f9de4222df3a91bc90a927d3102ed9dc51790a5a commit 60f3fa75945d97ec6f008424d2c5b6b4165fc152 Author: Matt Caswell <matt@openssl.org> Date: Tue Mar 15 14:37:56 2022 +0000 Prepare for 1.1.1o-dev Reviewed-by: Tomas Mraz <tomas@openssl.org> commit 1af8a4ce1733fa8fbb7f933a139dc5d808462899 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Thu Dec 30 17:45:20 2021 +0100 Use swapcontext() on IA64. This fixes the longterm test-async.t failure. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 4e9a8e99448f46ac4c72b7c5a8f7f366b1c4134f Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Mon Dec 27 11:45:01 2021 +0100 Release 3.0.1-1. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 25b30357fa2b0a2a72a37ea612d030852ed1cd44 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Mon Dec 27 11:17:23 2021 +0100 Zero used registers at function exit. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 314050504a7a252474db88f8c4f992921e3bb1ff Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Mon Dec 27 10:35:24 2021 +0100 Import 3.0.1 While updating the chanelog, correct AVR32 vs ARC. It was never about AVR32, it was ARC that was added. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 598a6e7a37a24e6fc584a1258022c243b50d65c8 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Mon Dec 27 10:26:20 2021 +0100 New upstream version 3.0.1 commit 6a13b91614f39a21c5946b399eddd9c9c5a22cc2 Merge: 74a013466d 598a6e7a37 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Mon Dec 27 10:26:20 2021 +0100 Update upstream source from tag 'upstream/3.0.1' Update to upstream version '3.0.1' with Debian dir f4de2d19fb031d1542956ae27b5b5b2e401ebfdf commit e6e17f4f68d90b64768879ddc341907d26de3b2d Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sun Dec 26 18:35:54 2021 +0100 New upstream version 3.0.1 commit c0872250027c780031b0ce204a3985252b822637 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri Dec 24 13:16:00 2021 +0100 Prepare 1.1.1m Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 2a43a96c773cec3e63e6123cd88305867178ba2f Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri Dec 24 11:36:02 2021 +0100 KfreeBSD should build again. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 3d8aad427c834717491c40422597f01fc95f2682 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri Dec 24 11:35:02 2021 +0100 Import 1.1.1m Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 159e76e9a8d7320cc3bfb957c6b02c7d5ee2001c Merge: ce4627ec97 04dfe10d77 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri Dec 24 11:33:25 2021 +0100 Update upstream source from tag 'upstream/1.1.1m' Update to upstream version '1.1.1m' with Debian dir 5b69cdaec518fd2e6c7bb03e4f82c688c98fa843 commit ce4627ec9717095dc605aabb695166c396b27ea2 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Mon Aug 30 21:04:08 2021 +0200 Add ARC. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 74a013466d7476e1fd185020eb03b5cb60b2dc68 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sat Sep 11 10:43:21 2021 +0200 Preapre 3.0.0-1 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit ca34ff32449a96df391cbb6eb2343565f3f5abf2 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sat Sep 11 10:16:45 2021 +0200 Import 3.0.0. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 6b08c2f9663b54f8dc506f9f8d00b33f54930609 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sat Sep 11 10:13:59 2021 +0200 New upstream version 3.0.0 commit 420826dd86b8ab111452654910a4652941f186f4 Merge: 067d418723 6b08c2f966 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Sat Sep 11 10:13:59 2021 +0200 Update upstream source from tag 'upstream/3.0.0' Update to upstream version '3.0.0' with Debian dir ad767b682348eb77c033306657ddb11829157fb6 commit 067d418723b2d039309dd07525087c8d55f54f52 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Mon Aug 30 21:04:08 2021 +0200 Add AVR32. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit ee402b9236c2925bee2d2b9d5a61faeeb41ad27c Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Wed Aug 25 00:19:16 2021 +0200 Prepare 1.1.1l-1 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 57a62113611ab82cb111e400f9305ba6abffbdc2 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Tue Aug 24 22:35:05 2021 +0200 Import 1.1.1l Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit cb0d1276f54be1b1ef74d27fcc1aad4d932afa8c Merge: 2699d536bd 94ca62b511 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Tue Aug 24 22:33:41 2021 +0200 Update upstream source from tag 'upstream/1.1.1l' Update to upstream version '1.1.1l' with Debian dir 1b556e333e10862e755a43f972cfc0aa8dbedd17 commit 637e7c1606e55a55d59b9f509a19a9d86e7d9584 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Fri Jul 30 07:51:39 2021 +0200 Prepare 3.0.0~~beta2-1 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit cd8e7165096efa2536d6732cedd7799acc88a733 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Thu Jul 29 22:04:06 2021 +0200 Import 3.0.0~~beta2 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 3a8f564782297f631bb9b5244d2dda309b06ffe4 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Thu Jul 29 22:03:21 2021 +0200 rebase patches, add latomic to a few 32bit arches Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 9f2d59f9cb1eeddf720008d72511fab297bf1754 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Thu Jul 29 21:51:11 2021 +0200 New upstream version 3.0.0~~beta2 commit e6ce0f722a8e28f4094943f580cf7e81353894e9 Merge: 2a832773c1 9f2d59f9cb Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Thu Jul 29 21:51:11 2021 +0200 Update upstream source from tag 'upstream/3.0.0__beta2' Update to upstream version '3.0.0~~beta2' with Debian dir 1e35dd93d22ba801461bde7ae176946c05ffac3d commit 2a832773c1c24da0a0a3ff8c37a834d0880518e7 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Wed Jun 23 19:32:38 2021 +0200 Release 3.0.0~~beta1-1 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit a64df1ea74d8b5689125f878d4846bdb08f177a7 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Wed Jun 23 19:03:51 2021 +0200 Revert VERBOSE_FAILURE change. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 9176b216d9715fa64bf7e7c7cd3c93ee44e3c19c Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Wed Jun 23 19:01:14 2021 +0200 Import beta1 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> commit 7b0ba3d5d4d286f4c621409ac3c5d1b7f35ab36e Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Wed Jun 23 18:57:28 2021 +0200 New upstream version 3.0.0~~beta1 commit c8808676ce9459ac1e15afd797802a49d9ea23b8 Merge: 0450b0afdd 7b0ba3d5d4 Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Date: Wed Jun 23 18:57:28 2021 +0200 Update upstream source from tag 'upstream/3.0.0__beta1' Update to upstream version '3.0.0~~beta1' with Debian dir 2dae0ec2889846f691c4966aa72c753dd78b4c6a commit f9bfdc3aa979eb32d4b8341999473f2ad202d889 Author: Matt Caswell <matt@openssl.org> Date: Thu Jun 17 14:03:42 2021 +0100 Prepare for release of 3.0 beta 1 Reviewed-by: Richard Levitte <levitte@openssl.org>