[openssl] master update
matthias.st.pierre at ncp-e.com
matthias.st.pierre at ncp-e.com
Fri May 15 18:50:54 UTC 2020
The branch master has been updated
via 43a70f02022ebbc29aa71853f04f1dc0d9772846 (commit)
via a51f225d0d6a9ea5b25a07091a67bb3c737ffe31 (commit)
from 538404d2186954d58c04c46232f985ddf9675b6f (commit)
- Log -----------------------------------------------------------------
commit 43a70f02022ebbc29aa71853f04f1dc0d9772846
Author: Rich Salz <rsalz at akamai.com>
Date: Wed May 13 11:16:50 2020 -0400
Fix all MD036 (emphasis used instead of heading)
The main fixes were errors in itemized lists "*)" instead of "*"
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11770)
commit a51f225d0d6a9ea5b25a07091a67bb3c737ffe31
Author: Rich Salz <rsalz at akamai.com>
Date: Fri May 8 10:34:22 2020 -0400
Add "md-nits" make target
Also fix a nit in recent CHANGES.md update.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11770)
-----------------------------------------------------------------------
Summary of changes:
.travis.yml | 12 ++++---
CHANGES.md | 70 +++++++++++++++++++--------------------
Configurations/unix-Makefile.tmpl | 13 ++++++--
INSTALL.md | 7 ++--
util/markdownlint.rb | 1 -
5 files changed, 58 insertions(+), 45 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 0ac0eb5bf9..413d87475f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -205,10 +205,14 @@ script:
travis_terminate 1;
fi
- if test -n "$MARKDOWNLINT" ; then
- echo -e "====START MARKDOWNLINT====";
- gem install mdl || travis_terminate 1;
- mdl -s util/markdownlint.rb . || travis_terminate 1;
- echo -e "====END MARKDOWNLINT====";
+ if ! gem install mdl ; then
+ echo -e '\052\052 FAILED -- GEM INSTALL MDL';
+ travis_terminate 1;
+ fi;
+ if ! $make md-nits ; then
+ echo -e '\052\052 FAILED -- MAKE MD-NITS';
+ travis_terminate 1;
+ fi;
fi
- if ! $make2; then
echo -e '\052\052 FAILED -- MAKE';
diff --git a/CHANGES.md b/CHANGES.md
index 6ee0b1efde..589cc5537e 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -6001,40 +6001,40 @@ OpenSSL 1.0.1
*Steve Henson*
- *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
- results on some platforms, including x86_64. This bug occurs at random
- with a very low probability, and is not known to be exploitable in any
- way, though its exact impact is difficult to determine. Thanks to Pieter
- Wuille (Blockstream) who reported this issue and also suggested an initial
- fix. Further analysis was conducted by the OpenSSL development team and
- Adam Langley of Google. The final fix was developed by Andy Polyakov of
- the OpenSSL core team.
- [CVE-2014-3570][]
+ * Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+ results on some platforms, including x86_64. This bug occurs at random
+ with a very low probability, and is not known to be exploitable in any
+ way, though its exact impact is difficult to determine. Thanks to Pieter
+ Wuille (Blockstream) who reported this issue and also suggested an initial
+ fix. Further analysis was conducted by the OpenSSL development team and
+ Adam Langley of Google. The final fix was developed by Andy Polyakov of
+ the OpenSSL core team.
+ [CVE-2014-3570][]
*Andy Polyakov*
- *) Do not resume sessions on the server if the negotiated protocol
- version does not match the session's version. Resuming with a different
- version, while not strictly forbidden by the RFC, is of questionable
- sanity and breaks all known clients.
+ * Do not resume sessions on the server if the negotiated protocol
+ version does not match the session's version. Resuming with a different
+ version, while not strictly forbidden by the RFC, is of questionable
+ sanity and breaks all known clients.
*David Benjamin, Emilia Käsper*
- *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
- early CCS messages during renegotiation. (Note that because
- renegotiation is encrypted, this early CCS was not exploitable.)
+ * Tighten handling of the ChangeCipherSpec (CCS) message: reject
+ early CCS messages during renegotiation. (Note that because
+ renegotiation is encrypted, this early CCS was not exploitable.)
*Emilia Käsper*
- *) Tighten client-side session ticket handling during renegotiation:
- ensure that the client only accepts a session ticket if the server sends
- the extension anew in the ServerHello. Previously, a TLS client would
- reuse the old extension state and thus accept a session ticket if one was
- announced in the initial ServerHello.
+ * Tighten client-side session ticket handling during renegotiation:
+ ensure that the client only accepts a session ticket if the server sends
+ the extension anew in the ServerHello. Previously, a TLS client would
+ reuse the old extension state and thus accept a session ticket if one was
+ announced in the initial ServerHello.
- Similarly, ensure that the client requires a session ticket if one
- was advertised in the ServerHello. Previously, a TLS client would
- ignore a missing NewSessionTicket message.
+ Similarly, ensure that the client requires a session ticket if one
+ was advertised in the ServerHello. Previously, a TLS client would
+ ignore a missing NewSessionTicket message.
*Emilia Käsper*
@@ -7020,19 +7020,19 @@ OpenSSL 1.0.0
*Steve Henson*
- *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
- results on some platforms, including x86_64. This bug occurs at random
- with a very low probability, and is not known to be exploitable in any
- way, though its exact impact is difficult to determine. Thanks to Pieter
- Wuille (Blockstream) who reported this issue and also suggested an initial
- fix. Further analysis was conducted by the OpenSSL development team and
- Adam Langley of Google. The final fix was developed by Andy Polyakov of
- the OpenSSL core team.
- [CVE-2014-3570][]
+ * Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+ results on some platforms, including x86_64. This bug occurs at random
+ with a very low probability, and is not known to be exploitable in any
+ way, though its exact impact is difficult to determine. Thanks to Pieter
+ Wuille (Blockstream) who reported this issue and also suggested an initial
+ fix. Further analysis was conducted by the OpenSSL development team and
+ Adam Langley of Google. The final fix was developed by Andy Polyakov of
+ the OpenSSL core team.
+ [CVE-2014-3570][]
- *Andy Polyakov*
+ *Andy Polyakov*
- *) Fix various certificate fingerprint issues.
+ * Fix various certificate fingerprint issues.
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 41a35aae65..126180ace7 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -519,7 +519,7 @@ clean: libclean
-$(RM) `find . -name '*{- platform->depext() -}' \! -name '.*' \! -type d -print`
-$(RM) `find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -print`
$(RM) core
- $(RM) tags TAGS doc-nits cmd-nits
+ $(RM) tags TAGS doc-nits cmd-nits md-nits
$(RM) -r test/test-runs
$(RM) openssl.pc libcrypto.pc libssl.pc
-$(RM) `find . -type l \! -name '.*' -print`
@@ -982,13 +982,22 @@ update: generate errors ordinals
generate: generate_apps generate_crypto_bn generate_crypto_objects \
generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids
-.PHONY: doc-nits cmd-nits
+.PHONY: doc-nits cmd-nits md-nits
doc-nits: build_generated
$(PERL) $(SRCDIR)/util/find-doc-nits -n -l -e
cmd-nits: build_generated apps/openssl
$(PERL) $(SRCDIR)/util/find-doc-nits -c
+# This uses "mdl", the markdownlint application, which is written in ruby.
+# The source is at https://github.com/markdownlint/markdownlint
+# If you have ruby installed, "gem install mdl" should work.
+# Another option is at https://snapcraft.io/install/mdl/debian
+# Finally, there's a Node.js version, which we haven't tried, that
+# can be found at https://github.com/DavidAnson/markdownlint
+md-nits:
+ mdl -s util/markdownlint.rb .
+
# Test coverage is a good idea for the future
#coverage: $(PROGRAMS) $(TESTPROGRAMS)
# ...
diff --git a/INSTALL.md b/INSTALL.md
index d4da50c7f7..88961aa74b 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -262,13 +262,14 @@ for 32bit binaries on 64bit Windows (WOW64).
#### Installing to a different location
To install OpenSSL to a different location (for example into your home
-directory for testing purposes) run config like this:
+directory for testing purposes) run config as shown in the following
+examples.
-**On Unix**
+On Unix:
$ ./config --prefix=/opt/openssl --openssldir=/usr/local/ssl
-**On OpenVMS**
+On OpenVMS:
$ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL]
diff --git a/util/markdownlint.rb b/util/markdownlint.rb
index 75eb21ecb8..66517484ad 100644
--- a/util/markdownlint.rb
+++ b/util/markdownlint.rb
@@ -18,4 +18,3 @@ exclude_rule 'MD014' # Dollar signs used before commands without showing output
exclude_rule 'MD024' # Multiple headers with the same content
exclude_rule 'MD025' # Multiple top level headers in the same document
exclude_rule 'MD029' # Ordered list item prefix
-exclude_rule 'MD036' # Emphasis used instead of a header
More information about the openssl-commits
mailing list