ShiftMediaProject
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 6 deletions b/‎.gitignore‎
Lines changed: 2 additions & 6 deletions
diff --git a/‎.travis-apt-pin.preferences‎
Lines changed: 15 additions & 0 deletions b/‎.travis-apt-pin.preferences‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎.travis.yml‎
Lines changed: 37 additions & 47 deletions b/‎.travis.yml‎
Lines changed: 37 additions & 47 deletions
diff --git a/‎CHANGES‎
Lines changed: 45 additions & 0 deletions b/‎CHANGES‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎Configurations/descrip.mms.tmpl‎
Lines changed: 6 additions & 1 deletion b/‎Configurations/descrip.mms.tmpl‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎Configurations/unix-Makefile.tmpl‎
Lines changed: 25 additions & 28 deletions b/‎Configurations/unix-Makefile.tmpl‎
Lines changed: 25 additions & 28 deletions
@@ -27,6 +27,7 @@ Makefile
 
 # Auto generated headers
 /crypto/buildinf.h
+/apps/progs.h
 /crypto/include/internal/*_conf.h
 /openssl/include/opensslconf.h
 /util/domd
@@ -52,12 +53,7 @@ Makefile
 /test/v3ext
 
 # Certain files that get created by tests on the fly
-/test/*.ss
-/test/*.srl
-/test/.rnd
-/test/test*.pem
-/test/newkey.pem
-/test/*.log
+/test/test-runs
 /test/buildtest_*
 
 # Fuzz stuff.
 
@@ -0,0 +1,15 @@
+Package: clang-3.9
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libclang-common-3.9-dev
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libclang1-3.9
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libllvm3.9v4
+Pin: release o=Ubuntu
+Pin-Priority: -1
@@ -28,70 +28,29 @@ env:
     - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
     - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
     - CONFIG_OPTS="no-ec" BUILDONLY="yes"
+    - CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes"
 
 matrix:
     include:
         - os: linux
-          addons:
-              apt:
-                  packages:
-                      - clang-3.9
-                  sources:
-                      - llvm-toolchain-trusty-3.9
-                      - ubuntu-toolchain-r-test
           compiler: clang-3.9
           env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
         - os: linux
           compiler: gcc
           env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
         - os: linux
-          addons:
-              apt:
-                  packages:
-                      - clang-3.9
-                  sources:
-                      - llvm-toolchain-trusty-3.9
-                      - ubuntu-toolchain-r-test
           compiler: clang-3.9
           env: CONFIG_OPTS="enable-asan"
         - os: linux
-          addons:
-              apt:
-                  packages:
-                      - clang-3.9
-                  sources:
-                      - llvm-toolchain-trusty-3.9
-                      - ubuntu-toolchain-r-test
           compiler: clang-3.9
           env: CONFIG_OPTS="enable-msan"
         - os: linux
-          addons:
-              apt:
-                  packages:
-                      - clang-3.9
-                  sources:
-                      - llvm-toolchain-trusty-3.9
-                      - ubuntu-toolchain-r-test
           compiler: clang-3.9
           env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
         - os: linux
-          addons:
-              apt:
-                  packages:
-                      - clang-3.9
-                  sources:
-                      - llvm-toolchain-trusty-3.9
-                      - ubuntu-toolchain-r-test
           compiler: clang-3.9
           env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
         - os: linux
-          addons:
-              apt:
-                  packages:
-                      - clang-3.9
-                  sources:
-                      - llvm-toolchain-trusty-3.9
-                      - ubuntu-toolchain-r-test
           compiler: clang-3.9
           env: CONFIG_OPTS="no-stdio"
         - os: linux
@@ -160,7 +119,14 @@ before_script:
           export CROSS_COMPILE=${CC%%gcc}; unset CC;
           $srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
       else
-          if which ccache >/dev/null && [ "$CC" != clang-3.9 ]; then
+          if [ "$CC" == clang-3.9 ]; then
+              sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang;
+              curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -;
+              echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null;
+              sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test";
+              sudo -E apt-get -yq update;
+              sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9;
+          elif which ccache >/dev/null; then
               CC="ccache $CC";
           fi;
           $srcdir/config -v $CONFIG_OPTS;
@@ -187,20 +153,44 @@ script:
       else
           top=.;
       fi
-    - $make update
-    - $make
+    - if $make update; then
+          echo -e '+\057 MAKE UPDATE OK';
+      else
+          echo -e '+\057 MAKE UPDATE FAILED'; false;
+      fi;
+      git diff --quiet
+    - if [ -n "$CHECKDOCS" ]; then
+          if $make doc-nits; then
+              echo -e '+\057\057 MAKE DOC-NITS OK';
+          else
+              echo -e '+\057\057 MAKE DOC-NITS FAILED'; false;
+          fi;
+      fi
+    - if $make ; then
+          echo -e '+\057\057\057 MAKE OK';
+      else
+          echo -e '+\057\057\057 MAKE FAILED'; false;
+      fi;
     - if [ -z "$BUILDONLY" ]; then
           if [ -n "$CROSS_COMPILE" ]; then
               sudo apt-get -yq install wine;
               export EXE_SHELL="wine" WINEPREFIX=`pwd`;
           fi;
           HARNESS_VERBOSE=yes make test;
       else
-          $make build_tests;
+          if $make build_tests; then
+              echo -e '+\057\057\075 MAKE BUILD_TESTS OK';
+          else
+              echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false;
+          fi;
       fi
     - if [ -n "$DESTDIR" ]; then
           mkdir "../$DESTDIR";
-          $make install install_docs DESTDIR="../$DESTDIR";
+          if $make install install_docs DESTDIR="../$DESTDIR"; then
+              echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
+          else
+              echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;
+          fi;
       fi
     - cd $top
 
 
@@ -2,6 +2,51 @@
  OpenSSL CHANGES
  _______________
 
+ This is a high-level summary of the most important changes.
+ For a full list of changes, see the git commit log; for example,
+ https://github.com/openssl/openssl/commits/ and pick the appropriate
+ release branch.
+
+ Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
+
+  *) bn_sqrx8x_internal carry bug on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients.
+
+     This only affects processors that support the BMI1, BMI2 and ADX extensions
+     like Intel Broadwell (5th generation) and later or AMD Ryzen.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3736)
+     [Andy Polyakov]
+
+  *) Malformed X.509 IPAddressFamily could cause OOB read
+
+     If an X.509 certificate has a malformed IPAddressFamily extension,
+     OpenSSL could do a one-byte buffer overread. The most likely result
+     would be an erroneous display of the certificate in text format.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3735)
+     [Rich Salz]
+
+  *) Ignore the '-named_curve auto' value for compatibility of applications
+     with OpenSSL 1.0.2.
+     [Tomas Mraz <tmraz@fedoraproject.org>]
+
+  *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
+     [Emilia Käsper]
+
  Changes between 1.1.0e and 1.1.0f [25 May 2017]
 
   *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
 
@@ -89,7 +89,7 @@
   sub dependmagic {
       my $target = shift;
 
-      return "$target : build_generated\n\t\pipe \$(MMS) depend && \$(MMS) _$target\n_$target";
+      return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target";
   }
   #use Data::Dumper;
   #print STDERR "DEBUG: before:\n", Dumper($unified_info{before});
@@ -144,6 +144,9 @@ BIN_SCRIPTS=[.tools]c_rehash.pl
 MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
 {- output_on() if $disabled{apps}; "" -}
 
+APPS_OPENSSL={- use File::Spec::Functions;
+                catfile("apps","openssl") -}
+
 # DESTDIR is for package builders so that they can configure for, say,
 # SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
 # In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run
@@ -265,8 +268,10 @@ test : tests
 {- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep
         @ ! {- output_off() if $disabled{tests}; "" -}
         SET DEFAULT [.test]{- move("test") -}
+        CREATE/DIR [.test-runs]
         DEFINE SRCTOP {- sourcedir() -}
         DEFINE BLDTOP {- builddir() -}
+        DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
         DEFINE OPENSSL_ENGINES {- builddir("engines") -}
         DEFINE OPENSSL_DEBUG_MEMORY "on"
         IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
 
@@ -113,6 +113,9 @@ BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
 MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
 {- output_on() if $disabled{apps}; "" -}
 
+APPS_OPENSSL={- use File::Spec::Functions;
+                catfile("apps","openssl") -}
+
 # DESTDIR is for package builders so that they can configure for, say,
 # /usr/ and yet have everything installed to /tmp/somedir/usr/.
 # Normally it is left empty.
@@ -241,11 +244,13 @@ test: tests
 {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils
 	@ : {- output_off() if $disabled{tests}; "" -}
 	( cd test; \
+	  mkdir -p test-runs; \
 	  SRCTOP=../$(SRCDIR) \
 	  BLDTOP=../$(BLDDIR) \
+	  RESULT_D=test-runs \
 	  PERL="$(PERL)" \
 	  EXE_EXT={- $exeext -} \
-	  OPENSSL_ENGINES=../$(BLDDIR)/engines \
+	  OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines; pwd` \
 	  OPENSSL_DEBUG_MEMORY=on \
 	    $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
 	@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@@ -592,19 +597,9 @@ doc-nits:
 lint:
 	lint -DLINT $(INCLUDES) $(SRCS)
 
-{- # because the program apps/openssl has object files as sources, and
-   # they then have the corresponding C files as source, we need to chain
-   # the lookups in %unified_info
-   my $apps_openssl = catfile("apps","openssl");
-   our @openssl_source = map { @{$unified_info{sources}->{$_}} }
-                         @{$unified_info{sources}->{$apps_openssl}};
-   ""; -}
 generate_apps:
 	( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \
 				< apps/openssl.cnf > apps/openssl-vms.cnf )
-	( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b apps/progs.pl \
-					{- join(" ", @openssl_source) -} \
-					> apps/progs.h )
 
 generate_crypto_bn:
 	( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
@@ -656,9 +651,12 @@ tags TAGS: FORCE
 
 # Release targets (note: only available on Unix) #####################
 
+# If your tar command doesn't support --owner and --group, make sure to
+# use one that does, for example GNU tar
 TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
 PREPARE_CMD=:
 tar:
+	set -e; \
 	TMPDIR=/var/tmp/openssl-copy.$$$$; \
 	DISTDIR=$(NAME); \
 	mkdir -p $$TMPDIR/$$DISTDIR; \
@@ -669,12 +667,12 @@ tar:
 	       mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
 	       cp $$F $$TMPDIR/$$DISTDIR/$$F; \
 	   done); \
-	(cd $$TMPDIR; \
+	(cd $$TMPDIR/$$DISTDIR; \
 	 $(PREPARE_CMD); \
-	 find $$TMPDIR/$$DISTDIR -type d -print | xargs chmod 755; \
-	 find $$TMPDIR/$$DISTDIR -type f -print | xargs chmod a+r; \
-	 find $$TMPDIR/$$DISTDIR -type f -perm -0100 -print | xargs chmod a+x; \
-	 $(TAR_COMMAND) $$DISTDIR) \
+	 find . -type d -print | xargs chmod 755; \
+	 find . -type f -print | xargs chmod a+r; \
+	 find . -type f -perm -0100 -print | xargs chmod a+x); \
+	(cd $$TMPDIR; $(TAR_COMMAND) $$DISTDIR) \
 	| (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \
 	rm -rf $$TMPDIR
 	cd $(SRCDIR); ls -l $(TARFILE).gz
@@ -900,6 +898,7 @@ EOF
       my $shlib_target = $target{shared_target};
       my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
       my $target = shlib_simple($lib);
+      my $target_full = shlib($lib);
       return <<"EOF"
 # With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact
 # that two files get produced, {shlibname}.dll and {libname}.dll.a.
@@ -914,11 +913,11 @@ $target: $lib$libext $deps $ordinalsfile
 		PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
 		INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\
 		LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
-		LIBNAME=$libname LIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\
-		LIBCOMPATVERSIONS=';\$(SHLIB_VERSION_HISTORY)' \\
+		LIBNAME=$libname SHLIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\
+		STLIBNAME=$lib$libext \\
+		SHLIBNAME=$target SHLIBNAME_FULL=$target_full \\
 		CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(LIB_CFLAGS)' \\
-		LDFLAGS='\$(LDFLAGS)' \\
-		SHARED_LDFLAGS='\$(LIB_LDFLAGS)' SHLIB_EXT=$shlibext \\
+		LDFLAGS='\$(LDFLAGS)' SHARED_LDFLAGS='\$(LIB_LDFLAGS)' \\
 		RC='\$(RC)' SHARED_RCFLAGS='\$(RCFLAGS)' \\
 		link_shlib.$shlib_target
 EOF
@@ -931,28 +930,26 @@ EOF
   }
   sub obj2dso {
       my %args = @_;
-      my $lib = $args{lib};
-      my $libd = dirname($lib);
-      my $libn = basename($lib);
-      (my $libname = $libn) =~ s/^lib//;
+      my $dso = $args{lib};
+      my $dsod = dirname($dso);
+      my $dson = basename($dso);
       my $shlibdeps = join("", map { my $d = dirname($_);
                                      my $f = basename($_);
                                      (my $l = $f) =~ s/^lib//;
                                      " -L$d -l$l" } @{$args{deps}});
       my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
       my $shlib_target = $target{shared_target};
       my $objs = join(" ", map { $_.$objext } @{$args{objs}});
-      my $target = dso($lib);
+      my $target = dso($dso);
       return <<"EOF";
 $target: $objs $deps
 	\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
 		PLATFORM=\$(PLATFORM) \\
-		PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
+		PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$dsod" \\
 		LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\
-		LIBNAME=$libname LDFLAGS='\$(LDFLAGS)' \\
+		SHLIBNAME_FULL=$target LDFLAGS='\$(LDFLAGS)' \\
 		CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\
 		SHARED_LDFLAGS='\$(DSO_LDFLAGS)' \\
-		SHLIB_EXT=$dsoext \\
 		LIBEXTRAS="$objs" \\
 		link_dso.$shlib_target
 EOF