ShiftMediaProject
diff --git a/‎.travis.yml‎
Lines changed: 1 addition & 1 deletion b/‎.travis.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CHANGES‎
Lines changed: 78 additions & 2 deletions b/‎CHANGES‎
Lines changed: 78 additions & 2 deletions
diff --git a/‎Configurations/10-main.conf‎
Lines changed: 17 additions & 27 deletions b/‎Configurations/10-main.conf‎
Lines changed: 17 additions & 27 deletions
diff --git a/‎Configurations/README‎
Lines changed: 26 additions & 1 deletion b/‎Configurations/README‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎Configurations/common.tmpl‎
Lines changed: 2 additions & 4 deletions b/‎Configurations/common.tmpl‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎Configurations/descrip.mms.tmpl‎
Lines changed: 4 additions & 0 deletions b/‎Configurations/descrip.mms.tmpl‎
Lines changed: 4 additions & 0 deletions
@@ -158,7 +158,7 @@ script:
       else
           echo -e '+\057 MAKE UPDATE FAILED'; false;
       fi;
-      git diff --quiet
+      git diff --exit-code
     - if [ -n "$CHECKDOCS" ]; then
           if $make doc-nits; then
               echo -e '+\057\057 MAKE DOC-NITS OK';
 
@@ -7,6 +7,79 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.0g and 1.1.0h [27 Mar 2018]
+
+  *) Constructed ASN.1 types with a recursive definition could exceed the stack
+
+     Constructed ASN.1 types with a recursive definition (such as can be found
+     in PKCS7) could eventually exceed the stack given malicious input with
+     excessive recursion. This could result in a Denial Of Service attack. There
+     are no such structures used within SSL/TLS that come from untrusted sources
+     so this is considered safe.
+
+     This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
+     project.
+     (CVE-2018-0739)
+     [Matt Caswell]
+
+  *) Incorrect CRYPTO_memcmp on HP-UX PA-RISC
+
+     Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
+     effectively reduced to only comparing the least significant bit of each
+     byte. This allows an attacker to forge messages that would be considered as
+     authenticated in an amount of tries lower than that guaranteed by the
+     security claims of the scheme. The module can only be compiled by the
+     HP-UX assembler, so that only HP-UX PA-RISC targets are affected.
+
+     This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg
+     (IBM).
+     (CVE-2018-0733)
+     [Andy Polyakov]
+
+  *) Add a build target 'build_all_generated', to build all generated files
+     and only that.  This can be used to prepare everything that requires
+     things like perl for a system that lacks perl and then move everything
+     to that system and do the rest of the build there.
+     [Richard Levitte]
+
+  *) Backport SSL_OP_NO_RENGOTIATION
+
+     OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
+     (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
+     changes this is no longer possible in 1.1.0. Therefore the new
+     SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
+     1.1.0 to provide equivalent functionality.
+
+     Note that if an application built against 1.1.0h headers (or above) is run
+     using an older version of 1.1.0 (prior to 1.1.0h) then the option will be
+     accepted but nothing will happen, i.e. renegotiation will not be prevented.
+     [Matt Caswell]
+
+  *) Removed the OS390-Unix config target.  It relied on a script that doesn't
+     exist.
+     [Rich Salz]
+
+  *) rsaz_1024_mul_avx2 overflow bug on x86_64
+
+     There is an overflow bug in the AVX2 Montgomery multiplication procedure
+     used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
+     Analysis suggests that attacks against RSA and DSA as a result of this
+     defect would be very difficult to perform and are not believed likely.
+     Attacks against DH1024 are considered just feasible, because most of the
+     work necessary to deduce information about a private key may be performed
+     offline. The amount of resources required for such an attack would be
+     significant. However, for an attack on TLS to be meaningful, the server
+     would have to share the DH1024 private key among multiple clients, which is
+     no longer an option since CVE-2016-0701.
+
+     This only affects processors that support the AVX2 but not ADX extensions
+     like Intel Haswell (4th generation).
+
+     This issue was reported to OpenSSL by David Benjamin (Google). The issue
+     was originally found via the OSS-Fuzz project.
+     (CVE-2017-3738)
+     [Andy Polyakov]
+
  Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
 
   *) bn_sqrx8x_internal carry bug on x86_64
@@ -2989,8 +3062,11 @@
      to work with OPENSSL_NO_SSL_INTERN defined.
      [Steve Henson]
 
-  *) Add SRP support.
-     [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
+  *) A long standing patch to add support for SRP from EdelWeb (Peter
+     Sylvester and Christophe Renou) was integrated.
+     [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
+     <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
+     Ben Laurie]
 
   *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
      [Steve Henson]
 
@@ -204,6 +204,7 @@ sub vms_info {
                                               debug   => "-O0 -g",
                                               release => "-O3 -fomit-frame-pointer"),
                                        threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
         bn_ops           => "BN_LLONG",
         shared_cflag     => "-fPIC",
         shared_ldflag    => "-shared -static-libgcc",
@@ -223,6 +224,7 @@ sub vms_info {
                                               debug   => "-O0 -g",
                                               release => "-O3"),
                                        threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
         bn_ops           => "SIXTY_FOUR_BIT_LONG",
         perlasm_scheme   => "elf",
         shared_cflag     => "-fPIC",
@@ -268,6 +270,7 @@ sub vms_info {
                                               debug   => "-O0 -g",
                                               release => "-O3"),
                                        threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
         bn_ops           => "BN_LLONG RC4_CHAR",
         shared_cflag     => "-fPIC",
         shared_ldflag    => "-shared",
@@ -432,7 +435,7 @@ sub vms_info {
                                            debug   => "-O0 -g",
                                            release => "-O3"),
                                     threads("-pthread")),
-        ex_libs          => add("-Wl,+s -ldld"),
+        ex_libs          => add("-Wl,+s -ldld", threads("-pthread")),
         bn_ops           => "BN_LLONG",
         thread_scheme    => "pthreads",
         dso_scheme       => "dl",
@@ -551,7 +554,7 @@ sub vms_info {
                                            debug   => "-O0 -g",
                                            release => "-O3"),
                                     threads("-pthread")),
-        ex_libs          => add("-ldl"),
+        ex_libs          => add("-ldl", threads("-pthread")),
         bn_ops           => "SIXTY_FOUR_BIT",
         thread_scheme    => "pthreads",
         dso_scheme       => "dlfcn",
@@ -568,7 +571,7 @@ sub vms_info {
                                            debug   => "-O0 -g",
                                            release => "-O3"),
                                     threads("-pthread")),
-        ex_libs          => add("-ldl"),
+        ex_libs          => add("-ldl", threads("-pthread")),
         bn_ops           => "SIXTY_FOUR_BIT_LONG",
         thread_scheme    => "pthreads",
         dso_scheme       => "dlfcn",
@@ -583,7 +586,7 @@ sub vms_info {
     "MPE/iX-gcc" => {
         inherit_from     => [ "BASE_unix" ],
         cc               => "gcc",
-        cflags           => "-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB",
+        cflags           => "-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB",
         sys_id           => "MPE",
         ex_libs          => add("-L/SYSLOG/PUB -lsyslog -lsocket -lcurses"),
         thread_scheme    => "(unknown)",
@@ -599,7 +602,7 @@ sub vms_info {
         cc               => "gcc",
         cflags           => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3",
                                     threads("-pthread")),
-        ex_libs          => "-lrt",    # for mlock(2)
+        ex_libs          => add("-lrt", threads("-pthread")), # for mlock(2)
         bn_ops           => "SIXTY_FOUR_BIT_LONG",
         thread_scheme    => "pthreads",
         dso_scheme       => "dlfcn",
@@ -611,7 +614,7 @@ sub vms_info {
         cc               => "cc",
         cflags           => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -tune host -fast -readonly_strings",
                                     threads("-pthread")),
-        ex_libs          => "-lrt",    # for mlock(2)
+        ex_libs          => add("-lrt", threads("-pthread")), # for mlock(2)
         bn_ops           => "SIXTY_FOUR_BIT_LONG",
         thread_scheme    => "pthreads",
         dso_scheme       => "dlfcn",
@@ -632,7 +635,7 @@ sub vms_info {
                                            debug   => "-O0 -g",
                                            release => "-O3"),
                                     threads("-pthread")),
-        ex_libs          => add("-ldl"),
+        ex_libs          => add("-ldl", threads("-pthread")),
         bn_ops           => "BN_LLONG RC4_CHAR",
         thread_scheme    => "pthreads",
         dso_scheme       => "dlfcn",
@@ -896,7 +899,7 @@ sub vms_info {
     #
     # ANDROID_NDK=/some/where/android-ndk-10d
     # CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm
-    # CROSS_COMPILE=arm-linux-adroideabi-
+    # CROSS_COMPILE=arm-linux-androideabi-
     # PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin
     #
     "android" => {
@@ -1177,6 +1180,7 @@ sub vms_info {
                                            debug   => "-O0 -g",
                                            release => "-O"),
                                     threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
         sys_id           => "AIX",
         bn_ops           => "BN_LLONG RC4_CHAR",
         thread_scheme    => "pthreads",
@@ -1194,6 +1198,7 @@ sub vms_info {
                                            debug   => "-O0 -g",
                                            release => "-O"),
                                     threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
         sys_id           => "AIX",
         bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
         thread_scheme    => "pthreads",
@@ -1251,18 +1256,6 @@ sub vms_info {
         thread_scheme    => "(unknown)",
     },
 
-# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
-# You need to compile using the c89.sh wrapper in the tools directory, because the
-# IBM compiler does not like the -L switch after any object modules.
-#
-    "OS390-Unix" => {
-        inherit_from     => [ "BASE_unix" ],
-        cc               => "c89.sh",
-        cflags           => "-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE",
-        bn_ops           => "THIRTY_TWO_BIT RC4_CHAR",
-        thread_scheme    => "(unknown)",
-    },
-
 #### Visual C targets
 #
 # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
@@ -1590,6 +1583,7 @@ sub vms_info {
         inherit_from     => [ "darwin-common", asm("ppc32_asm") ],
         cflags           => add("-arch ppc -std=gnu9x -DB_ENDIAN -Wa,-force_cpusubtype_ALL"),
         perlasm_scheme   => "osx32",
+        shared_cflag     => add("-fno-common"),
         shared_ldflag    => "-arch ppc -dynamiclib",
     },
     "darwin64-ppc-cc" => {
@@ -1659,7 +1653,7 @@ sub vms_info {
         cc               => "gcc",
         cflags           => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
                                     threads("-pthread")),
-        ex_libs          => add("-ldl"),
+        ex_libs          => add("-ldl", threads("-pthread")),
         bn_ops           => "BN_LLONG",
         thread_scheme    => "pthreads",
         dso_scheme       => "dlfcn",
@@ -1735,9 +1729,7 @@ sub vms_info {
     "uClinux-dist" => {
         inherit_from     => [ "BASE_unix" ],
         cc               => "$ENV{'CC'}",
-        cflags           => combine("\$(CFLAGS)",
-                                    threads("-D_REENTRANT")),
-        plib_lflags      => "\$(LDFLAGS)",
+        cflags           => combine(threads("-D_REENTRANT")),
         ex_libs          => add("\$(LDLIBS)"),
         bn_ops           => "BN_LLONG",
         thread_scheme    => "pthreads",
@@ -1751,9 +1743,7 @@ sub vms_info {
     "uClinux-dist64" => {
         inherit_from     => [ "BASE_unix" ],
         cc               => "$ENV{'CC'}",
-        cflags           => combine("\$(CFLAGS)",
-                                    threads("-D_REENTRANT")),
-        plib_lflags      => "\$(LDFLAGS)",
+        cflags           => combine(threads("-D_REENTRANT")),
         ex_libs          => add("\$(LDLIBS)"),
         bn_ops           => "SIXTY_FOUR_BIT_LONG",
         thread_scheme    => "pthreads",
 
@@ -18,10 +18,14 @@ configuration in diverse ways:
 Configurations of OpenSSL target platforms
 ==========================================
 
-Target configurations are a collection of facts that we know about
+Configuration targets are a collection of facts that we know about
 different platforms and their capabilities.  We organise them in a
 hash table, where each entry represent a specific target.
 
+Note that configuration target names must be unique across all config
+files.  The Configure script does check that a config file doesn't
+have config targets that shadow config targets from other files.
+
 In each table entry, the following keys are significant:
 
         inherit_from    => Other targets to inherit values from.
@@ -86,6 +90,27 @@ In each table entry, the following keys are significant:
                            files.  On unix, this defaults to "" (NOTE:
                            this is here for future use, it's not
                            implemented yet)
+        shlib_variant   => A "variant" identifier inserted between the base
+                           shared library name and the extension.  On "unixy"
+                           platforms (BSD, Linux, Solaris, MacOS/X, ...) this
+                           supports installation of custom OpenSSL libraries
+                           that don't conflict with other builds of OpenSSL
+                           installed on the system.  The variant identifier
+                           becomes part of the SONAME of the library and also
+                           any symbol versions (symbol versions are not used or
+                           needed with MacOS/X).  For example, on a system
+                           where a default build would normally create the SSL
+                           shared library as 'libssl.so -> libssl.so.1.1' with
+                           the value of the symlink as the SONAME, a target
+                           definition that sets 'shlib_variant => "-abc"' will
+                           create 'libssl.so -> libssl-abc.so.1.1', again with
+                           an SONAME equal to the value of the symlink.  The
+                           symbol versions associated with the variant library
+                           would then be 'OPENSSL_ABC_<version>' rather than
+                           the default 'OPENSSL_<version>'. The string inserted
+                           into symbol versions is obtained by mapping all
+                           letters in the "variant" identifier to upper case
+                           and all non-alphanumeric characters to '_'.
 
         thread_scheme   => The type of threads is used on the
                            configured platform.  Currently known
 
@@ -52,8 +52,7 @@
                              generator_incs => $unified_info{includes}->{$script},
                              generator_deps => $unified_info{depends}->{$script},
                              deps => $unified_info{depends}->{$src},
-                             incs => [ @{$unified_info{includes}->{$bin}},
-                                       @{$unified_info{includes}->{$obj}} ],
+                             incs => $unified_info{includes}->{$obj},
                              %opts);
          foreach (@{$unified_info{depends}->{$src}}) {
              dogenerate($_, $obj, $bin, %opts);
@@ -74,8 +73,7 @@
          $OUT .= src2obj(obj => $obj_no_o,
                          srcs => $unified_info{sources}->{$obj},
                          deps => $unified_info{depends}->{$obj},
-                         incs => [ @{$unified_info{includes}->{$bin}},
-                                   @{$unified_info{includes}->{$obj}} ],
+                         incs => $unified_info{includes}->{$obj},
                          %opts);
          foreach ((@{$unified_info{sources}->{$obj}},
                    @{$unified_info{depends}->{$obj}})) {
 
@@ -264,6 +264,10 @@ build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
 # Kept around for backward compatibility
 build_apps build_tests : build_programs
 
+# Convenience target to prebuild all generated files, not just the mandatory
+# ones
+build_all_generated : $(GENERATED_MANDATORY) $(GENERATED)
+
 test : tests
 {- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep
         @ ! {- output_off() if $disabled{tests}; "" -}