Merge ~adrien/ubuntu/+source/openssl:merge-3.2.2-1 into ubuntu/+source/openssl:ubuntu/devel

Proposed by Adrien Nader
Status: Merged
Merge reported by: Adrien Nader
Merged at revision: 621417f622415e5102b64a3933f98fcd49c09117
Proposed branch: ~adrien/ubuntu/+source/openssl:merge-3.2.2-1
Merge into: ubuntu/+source/openssl:ubuntu/devel
Diff against target: 12988 lines (+3784/-3273) (has conflicts)
217 files modified
.ctags.d/add-dir.ctags (+11/-0)
.ctags.d/exclude.ctags (+13/-0)
.ctags.d/openssl-stage1/10extrac-macrodefs.ctags (+18/-0)
.ctags.d/openssl-stage2/10expand-macros.ctags (+9/-0)
CHANGES.md (+82/-8)
CONTRIBUTING.md (+5/-3)
Configurations/10-main.conf (+8/-1)
Configurations/15-ios.conf (+3/-3)
Configurations/unix-Makefile.tmpl (+7/-7)
Configure (+5/-3)
INSTALL.md (+8/-1)
NEWS.md (+27/-4)
NOTES-NONSTOP.md (+7/-1)
VERSION.dat (+2/-2)
apps/lib/cmp_mock_srv.c (+17/-4)
apps/lib/s_cb.c (+5/-3)
apps/list.c (+2/-1)
apps/ocsp.c (+2/-2)
apps/pkcs12.c (+11/-5)
apps/req.c (+1/-1)
apps/speed.c (+6/-2)
apps/ts.c (+7/-4)
apps/x509.c (+4/-3)
crypto/aes/asm/bsaes-armv8.pl (+6/-3)
crypto/aes/build.info (+1/-1)
crypto/bio/bio_lib.c (+7/-3)
crypto/bio/bio_sock.c (+5/-1)
crypto/bio/bss_conn.c (+8/-4)
crypto/bio/bss_dgram.c (+26/-8)
crypto/bn/bn_lib.c (+47/-6)
crypto/bn/bn_rand.c (+126/-40)
crypto/bn/bn_shift.c (+4/-4)
crypto/chacha/asm/chacha-loongarch64.pl (+1/-1)
crypto/chacha/asm/chachap10-ppc.pl (+4/-2)
crypto/cmp/cmp_asn.c (+21/-14)
crypto/cmp/cmp_genm.c (+5/-3)
crypto/cms/cms_asn1.c (+18/-3)
crypto/cms/cms_env.c (+4/-11)
crypto/cms/cms_lib.c (+2/-15)
crypto/cms/cms_local.h (+2/-2)
crypto/cms/cms_sd.c (+19/-3)
crypto/cms/cms_smime.c (+3/-2)
crypto/deterministic_nonce.c (+49/-7)
crypto/dsa/dsa_check.c (+41/-5)
crypto/dsa/dsa_ossl.c (+6/-5)
crypto/dsa/dsa_sign.c (+7/-2)
crypto/ec/asm/ecp_sm2p256-armv8.pl (+7/-7)
crypto/ec/build.info (+1/-1)
crypto/ec/curve448/arch_64/f_impl64.c (+4/-4)
crypto/ec/ecdsa_ossl.c (+16/-6)
crypto/encode_decode/encoder_lib.c (+6/-1)
crypto/engine/eng_pkey.c (+1/-43)
crypto/err/openssl.ec (+2/-0)
crypto/err/openssl.txt (+4/-1)
crypto/ess/ess_lib.c (+2/-2)
crypto/evp/keymgmt_lib.c (+7/-2)
crypto/evp/p_lib.c (+10/-2)
crypto/evp/pmeth_lib.c (+67/-2)
crypto/evp/signature.c (+24/-9)
crypto/hpke/hpke.c (+2/-2)
crypto/init.c (+8/-6)
crypto/o_str.c (+2/-2)
crypto/params.c (+5/-5)
crypto/property/property_parse.c (+2/-1)
crypto/provider_core.c (+9/-6)
crypto/sha/build.info (+1/-1)
crypto/sleep.c (+2/-11)
crypto/sm2/sm2_crypt.c (+28/-5)
crypto/sm2/sm2_sign.c (+15/-3)
crypto/sm4/asm/vpsm4-armv8.pl (+4/-4)
crypto/sm4/asm/vpsm4_ex-armv8.pl (+4/-4)
crypto/sm4/build.info (+1/-1)
crypto/store/store_lib.c (+4/-3)
crypto/x509/by_dir.c (+4/-4)
crypto/x509/by_file.c (+3/-1)
crypto/x509/v3_addr.c (+2/-2)
debian/changelog (+35/-0)
debian/gbp.conf (+0/-2)
debian/openssl.docs (+0/-1)
debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch (+3/-3)
debian/patches/debian-targets.patch (+18/-9)
debian/patches/default-configuration-read-dropins-and-crypto-config.patch (+30/-0)
debian/patches/man-section.patch (+1/-1)
debian/patches/series (+7/-0)
debian/rules (+13/-2)
demos/digest/BIO_f_md.c (+7/-2)
demos/digest/EVP_MD_demo.c (+2/-2)
demos/digest/EVP_MD_stdin.c (+2/-2)
demos/sslecho/main.c (+2/-1)
dev/null (+0/-2003)
doc/build.info (+12/-0)
doc/fingerprints.txt (+3/-0)
doc/internal/man3/ossl_method_construct.pod (+2/-2)
doc/man1/openssl-ciphers.pod.in (+11/-5)
doc/man1/openssl-crl.pod.in (+4/-1)
doc/man1/openssl-mac.pod.in (+11/-6)
doc/man1/openssl-req.pod.in (+23/-10)
doc/man1/openssl-smime.pod.in (+5/-13)
doc/man1/openssl-storeutl.pod.in (+4/-1)
doc/man1/openssl-ts.pod.in (+4/-4)
doc/man3/DEFINE_STACK_OF.pod (+3/-3)
doc/man3/EVP_DigestInit.pod (+2/-2)
doc/man3/EVP_DigestSignInit.pod (+11/-8)
doc/man3/EVP_DigestVerifyInit.pod (+4/-1)
doc/man3/EVP_EncryptInit.pod (+4/-4)
doc/man3/EVP_KDF.pod (+2/-2)
doc/man3/EVP_PKEY_CTX_ctrl.pod (+4/-3)
doc/man3/EVP_PKEY_CTX_set_params.pod (+4/-2)
doc/man3/EVP_PKEY_check.pod (+6/-1)
doc/man3/EVP_PKEY_decrypt.pod (+12/-3)
doc/man3/OSSL_CMP_ITAV_new_caCerts.pod (+5/-2)
doc/man3/RSA_public_encrypt.pod (+11/-4)
doc/man3/SSL_CIPHER_get_name.pod (+2/-2)
doc/man3/SSL_CONF_cmd.pod (+17/-11)
doc/man3/SSL_CTX_set_cert_store.pod (+4/-2)
doc/man3/SSL_CTX_set_verify.pod (+4/-1)
doc/man3/SSL_CTX_use_certificate.pod (+3/-2)
doc/man3/SSL_load_client_CA_file.pod (+18/-2)
doc/man3/SSL_set_session_secret_cb.pod (+69/-0)
doc/man3/X509_STORE_CTX_new.pod (+4/-2)
doc/man7/EVP_PKEY-SM2.pod (+4/-1)
doc/man7/OSSL_PROVIDER-base.pod (+2/-2)
doc/man7/OSSL_PROVIDER-default.pod (+2/-2)
doc/man7/OSSL_STORE-winstore.pod (+86/-0)
doc/man7/ossl-guide-migration.pod (+25/-3)
doc/man7/provider-asym_cipher.pod (+2/-2)
engines/e_afalg.c (+4/-2)
engines/e_dasync.c (+2/-2)
fuzz/asn1.c (+11/-5)
fuzz/decoder.c (+14/-4)
include/crypto/bn.h (+11/-2)
include/internal/constant_time.h (+24/-1)
include/internal/e_os.h (+2/-1)
include/internal/quic_reactor.h (+3/-2)
include/internal/quic_stream_map.h (+36/-1)
include/internal/refcount.h (+2/-2)
include/internal/thread_arch.h (+3/-3)
include/openssl/e_os2.h (+2/-1)
include/openssl/hpke.h (+2/-2)
include/openssl/sslerr.h (+3/-1)
os-dep/Apple/PrivacyInfo.xcprivacy (+23/-0)
providers/fips-sources.checksums (+161/-161)
providers/fips.checksum (+1/-1)
providers/fips/fipsprov.c (+3/-1)
providers/fips/self_test_data.inc (+26/-26)
providers/implementations/ciphers/cipher_aes_gcm_hw.c (+3/-3)
providers/implementations/ciphers/cipher_aes_hw.c (+3/-3)
providers/implementations/ciphers/cipher_aes_ocb_hw.c (+3/-3)
providers/implementations/ciphers/cipher_aes_xts_hw.c (+2/-2)
providers/implementations/exchange/kdf_exch.c (+43/-1)
providers/implementations/kdfs/hkdf.c (+9/-1)
providers/implementations/rands/drbg.c (+3/-2)
providers/implementations/rands/drbg_ctr.c (+4/-3)
providers/implementations/rands/drbg_hash.c (+3/-2)
providers/implementations/rands/drbg_hmac.c (+3/-2)
providers/implementations/rands/drbg_local.h (+2/-1)
ssl/quic/quic_impl.c (+50/-24)
ssl/quic/quic_thread_assist.c (+2/-2)
ssl/quic/quic_tserver.c (+2/-2)
ssl/quic/quic_txp.c (+15/-5)
ssl/record/methods/tls_common.c (+12/-1)
ssl/record/rec_layer_s3.c (+45/-1)
ssl/record/record.h (+3/-2)
ssl/s3_lib.c (+5/-5)
ssl/ssl_err.c (+5/-1)
ssl/ssl_lib.c (+16/-43)
ssl/ssl_local.h (+2/-2)
ssl/ssl_sess.c (+31/-8)
ssl/statem/statem_lib.c (+7/-4)
ssl/statem/statem_srvr.c (+9/-9)
ssl/t1_lib.c (+34/-11)
test/bad_dtls_test.c (+2/-2)
test/build.info (+2/-1)
test/cmp_hdr_test.c (+33/-18)
test/ct_test.c (+8/-3)
test/dsatest.c (+7/-3)
test/ecdsatest.c (+27/-3)
test/ecstresstest.c (+2/-2)
test/evp_extra_test.c (+47/-1)
test/evp_pkey_provided_test.c (+45/-18)
test/evp_test.c (+10/-9)
test/helpers/ssltestlib.c (+34/-1)
test/helpers/ssltestlib.h (+3/-1)
test/keymgmt_internal_test.c (+7/-3)
test/pathed.cnf (+22/-0)
test/pkey_meth_kdf_test.c (+43/-12)
test/prov_config_test.c (+55/-1)
test/quic_client_test.c (+68/-18)
test/quic_multistream_test.c (+124/-6)
test/quicapitest.c (+28/-15)
test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem (+57/-0)
test/recipes/25-test_req.t (+2/-1)
test/recipes/30-test_evp_data/evpciph_sm4.txt (+7/-1)
test/recipes/30-test_prov_config.t (+5/-3)
test/recipes/60-test_x509_load_cert_file.t (+2/-1)
test/recipes/80-test_cmp_http_data/Mock/test.cnf (+2/-2)
test/recipes/80-test_cmp_http_data/test_commands.csv (+1/-1)
test/recipes/80-test_cms.t (+8/-1)
test/recipes/80-test_pkcs12.t (+13/-1)
test/recipes/90-test_shlibload.t (+2/-1)
test/recipes/90-test_sslapi.t (+16/-19)
test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh (+3/-3)
test/sm2_internal_test.c (+32/-9)
test/ssl-tests/14-curves.cnf.in (+6/-2)
test/ssl-tests/20-cert-select.cnf (+108/-108)
test/ssl-tests/20-cert-select.cnf.in (+35/-35)
test/ssl-tests/28-seclevel.cnf.in (+6/-2)
test/sslapitest.c (+561/-66)
test/sslbuffertest.c (+175/-1)
test/test.cnf (+6/-0)
test/threadpool_test.c (+42/-38)
test/tls-provider.c (+28/-11)
test/v3ext.c (+13/-4)
test/x509_load_cert_file_test.c (+7/-1)
util/missingssl.txt (+0/-1)
util/other.syms (+1/-0)
util/perl/OpenSSL/paramnames.pm (+2/-2)
Conflict in debian/changelog
Conflict in debian/patches/series
Conflict in debian/rules
Reviewer Review Type Date Requested Status
Dan Bungert Pending
Simon Chopin Pending
Review via email: mp+468828@code.qastaging.launchpad.net

This proposal supersedes a proposal from 2024-07-01.

Commit message

Merge 3.2.2-1, fix changelog/copyright links, read configuration's dropins.

The target of the copyright symlink broke with the t64 transition.

The original changelog.gz file is removed by pkgbinarymangler so skip the symlink.

Read two directories of dropins from the configuration:
- /etc/ssl/openssl.conf.d
- /var/lib/crypto-config/profiles/current/openssl.conf.d

Description of the change

Please review this merge request.

# ๐Ÿ“Š PPA
A PPA is available at:
 https://launchpad.net/~adrien/+archive/ubuntu/oracular-openssl-merge-3.2

# ๐Ÿงช Autopkgtest results
- โœ… openssl on oracular for amd64 @ 04.07.24 22:06:42
      โ€ข Log: https://autopkgtest.ubuntu.com/results/autopkgtest-oracular-adrien-oracular-openssl-merge-3.2/oracular/amd64/o/openssl/20240704_220642_10714@/log.gz
- โœ… openssl on oracular for arm64 @ 04.07.24 22:07:18
      โ€ข Log: https://autopkgtest.ubuntu.com/results/autopkgtest-oracular-adrien-oracular-openssl-merge-3.2/oracular/arm64/o/openssl/20240704_220718_d72b3@/log.gz
- โ›” openssl on oracular for armhf @ 04.07.24 22:14:48
      โ€ข Log: https://autopkgtest.ubuntu.com/results/autopkgtest-oracular-adrien-oracular-openssl-merge-3.2/oracular/armhf/o/openssl/20240704_221448_d25ba@/log.gz
      โ€ข Status: BAD
      โ€ข testbed BAD โ›”
- โœ… openssl on oracular for i386 @ 04.07.24 22:07:09
      โ€ข Log: https://autopkgtest.ubuntu.com/results/autopkgtest-oracular-adrien-oracular-openssl-merge-3.2/oracular/i386/o/openssl/20240704_220709_11d8e@/log.gz
- โœ… openssl on oracular for ppc64el @ 04.07.24 22:08:26
      โ€ข Log: https://autopkgtest.ubuntu.com/results/autopkgtest-oracular-adrien-oracular-openssl-merge-3.2/oracular/ppc64el/o/openssl/20240704_220826_9e40f@/log.gz
- โœ… openssl on oracular for s390x @ 04.07.24 22:07:13
      โ€ข Log: https://autopkgtest.ubuntu.com/results/autopkgtest-oracular-adrien-oracular-openssl-merge-3.2/oracular/s390x/o/openssl/20240704_220713_52d9b@/log.gz

The armhf failure is a testbed failure which I didn't retry as previous
runs of the same code besides comments had succeeded.

# ๐Ÿ” Lintian diff from most recent published package
No relevant change.

To post a comment you must log in.
Revision history for this message
Simon Chopin (schopin) wrote : Posted in a previous version of this proposal

Uploaded. I had to use the emptydir fix, so this MP will not be closed automatically, could you close it please?

review: Approve
Revision history for this message
Adrien Nader (adrien) wrote : Posted in a previous version of this proposal

Thanks a lot for the speedy review!

I'll close this.

Revision history for this message
Dan Bungert (dbungert) wrote :

Claiming review to remove this from the sponsor queue, still open for the moment.

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches