Land #752, Update CI actions

author: Brent Cook <busterb@gmail.com> 2022-05-09 01:29:28 -0500
committer: Brent Cook <busterb@gmail.com> 2022-05-09 01:29:28 -0500
commit: a0044d5a36252d82b0f7b2f1550f7fff701a484a (patch)
tree: 57ecac03b703abb72e1ec8117fcc515982fc7e7a
parent: 5e974ea695aa57965c3037c787850012e188dfdb (diff)
parent: ff798b2a33d89679ac6c25a4773b91c6a26cd015 (diff)
download: portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.tar.gz
portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.tar.bz2
portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.zip
8 files changed, 82 insertions, 15 deletions
diff --git a/.github/workflows/macos_test.yml b/.github/workflows/macos_test.yml
index 29e6cdc..6e7adac 100644
--- a/.github/workflows/macos_test.yml
+++ b/.github/workflows/macos_test.yml
@@ -6,7 +6,7 @@ jobs:
  build-native:
    strategy:
      matrix:
-        os: [macos-latest]
+        os: [macos-12, macos-11]
        compiler: [clang, gcc]
    runs-on: ${{ matrix.os }}
    continue-on-error: false
diff --git a/ChangeLog b/ChangeLog
index b58f52d..e4dc7ad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,63 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+3.5.2 - Stable release
+        * Bug fixes
+          - Avoid single byte overread in asn1_parse2().
+          - Allow name constraints with a leading dot. From Alex Wilson.
+          - Relax a check in x509_constraints_dirname() to allow prefixes.
+            From Alex Wilson.
+          - Fix NULL dereferences in openssl(1) cms option parsing.
+          - Do not zero the computed cofactor on ec_guess_cofactor() success.
+          - Bound cofactor in EC_GROUP_set_generator() to reduce the number of
+            bogus groups that can be described with nonsensical parameters.
+          - Avoid various potential segfaults in EVP_PKEY_CTX_free() in low
+            memory conditions. Reported for HMAC by Masaru Masuda.
+          - Plug leak in ASN1_TIME_adj_internal().
+          - Avoid infinite loop for custom curves of order 1.
+            Issue reported by Hanno Boeck, comments by David Benjamin.
+          - Avoid an infinite loop on parsing DSA private keys by validating
+            that the provided parameters conform to FIPS 186-4.
+            Issue reported by Hanno Boeck, comments by David Benjamin.
+        * Compatibility improvements
+          - Allow non-standard name constraints of the form @domain.com.
+        * Internal improvements
+          - Limit OID text conversion to 64 bits per arc.
+          - Clean up and simplify memory BIO code.
+          - Reduce number of memmove() calls in memory BIOs.
+          - Factor out alert handling code in the legacy stack.
+          - Add sanity checks on p and q in old_dsa_priv_decode()
+          - Cache the SHA-512 hash instead of the SHA-1 for CRLs.
+          - Suppress various compiler warnings for old gcc versions.
+          - Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i().
+          - Rework ownership handling in x509_constraints_validate().
+          - Rework ASN1_STRING_set().
+          - Remove const from tls1_transcript_hash_value().
+          - Clean up and simplify ssl3_renegotiate{,_check}().
+          - Rewrite legacy TLS and DTLS unexpected handshake message handling.
+          - Simplify SSL_do_handshake().
+          - Rewrite ASCII/text to ASN.1 object conversion.
+          - Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj().
+          - Split armv7 and aarch64 code into separate locations.
+          - Rewrote openssl(1) ts to use the new option handling and cleaned
+            up the C code.
+          - Provide asn1_get_primitive().
+          - Convert {c2i,d2i}_ASN1_OBJECT() to CBS.
+          - Remove the minimum record length checks from dtls1_read_bytes().
+          - Clean up {dtls1,ssl3}_read_bytes().
+          - Be more careful with embedded and terminating NULs in the new
+            name constraints code.
+          - Check EVP_Digest* return codes in openssl(1) ts
+          - Various minor code cleanup in openssl(1) pkcs12
+          - Use calloc() in pkey_hmac_init().
+          - Simplify priv_key handling in d2i_ECPrivateKey().
+        * Documentation improvements
+          - Update d2i_ASN1_OBJECT(3) documentation to reflect reality after
+            refactoring and bug fixes.
+          - Fixed numerous minor grammar, spelling, wording, and punctuation
+            issues.
 3.5.1 - Security release
        * A malicious certificate can cause an infinite loop.
diff --git a/apps/nc/compat/sys/socket.h b/apps/nc/compat/sys/socket.h
index 13eb380..2c7ee4f 100644
--- a/apps/nc/compat/sys/socket.h
+++ b/apps/nc/compat/sys/socket.h
@@ -6,8 +6,7 @@
 #ifndef _WIN32
 #include_next <sys/socket.h>
-#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
+#if defined(NEED_SOCKET_FLAGS)
-#define NEED_SOCKET_FLAGS
 int _socket(int domain, int type, int protocol);
 #ifndef SOCKET_FLAGS_PRIV
 #define socket(d, t, p) _socket(d, t, p)
diff --git a/appveyor.yml b/appveyor.yml
index bdb8001..33a32da 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,26 +1,26 @@
 image:
-  - Previous Visual Studio 2019
+  - Visual Studio 2019
 environment:
  PATH: C:\msys64\usr\bin;C:\msys64\mingw64\bin;C:\Windows\System32;C:\Windows;%PATH%
  matrix:
-    - APPVEYOR_BUILD_WORKER_IMAGE: Previous Visual Studio 2019
+    - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019
      GENERATOR: Visual Studio 16 2019
      ARCHITECTURE: Win32
      CONFIG: Release
      SHARED_LIBS: ON
-    - APPVEYOR_BUILD_WORKER_IMAGE: Previous Visual Studio 2019
+    - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019
      GENERATOR: Visual Studio 16 2019
      ARCHITECTURE: Win32
      CONFIG: Release
      SHARED_LIBS: OFF
-    - APPVEYOR_BUILD_WORKER_IMAGE: Previous Visual Studio 2019
+    - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019
      GENERATOR: Visual Studio 16 2019
      ARCHITECTURE: x64
      CONFIG: Release
      SHARED_LIBS: ON
-    - APPVEYOR_BUILD_WORKER_IMAGE: Previous Visual Studio 2019
+    - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019
      GENERATOR: Visual Studio 16 2019
      ARCHITECTURE: x64
      CONFIG: Release
diff --git a/include/compat/sys/socket.h b/include/compat/sys/socket.h
index 10eb05f..2f0b197 100644
--- a/include/compat/sys/socket.h
+++ b/include/compat/sys/socket.h
@@ -10,6 +10,7 @@
 #endif
 #if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
+#define NEED_SOCKET_FLAGS
 #define SOCK_CLOEXEC            0x8000  /* set FD_CLOEXEC */
 #define SOCK_NONBLOCK           0x4000  /* set O_NONBLOCK */
 int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]);
diff --git a/scripts/test b/scripts/test
index 80fa988..f2f0cb8 100755
--- a/scripts/test
+++ b/scripts/test
@@ -20,24 +20,24 @@ if [ "x$ARCH" = "xnative" ]; then
        # test cmake and ninja
        if [ `uname` = "Darwin" ]; then
                cmake ..
-                make
+                make -j 4
                make test
                cd ../build-shared
                cmake -DBUILD_SHARED_LIBS=ON ..
-                make
+                make -j 4
                make test
        else
                sudo apt-get update
                sudo apt-get install -y cmake ninja-build
                cmake -GNinja ..
-                ninja
+                ninja -j 4
                ninja test
                cd ../build-shared
                cmake -GNinja -DBUILD_SHARED_LIBS=ON ..
-                ninja
+                ninja -j 4
                ninja test
        fi
@@ -58,21 +58,21 @@ elif [ "x$ARCH" = "xmingw32" -o "x$ARCH" = "xmingw64" ]; then
        fi
        ./configure --host=$CPU-w64-mingw32
-        make -j
+        make -j 4
        (
         rm -fr build-static
         mkdir build-static
         cd build-static
         cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../scripts/$CPU-w64-mingw32.cmake ..
-         ninja
+         ninja -j 4
        )
        (
         rm -fr build-shared
         mkdir build-shared
         cd build-shared
         cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../scripts/$CPU-w64-mingw32.cmake -DBUILD_SHARED_LIBS=ON ..
-         ninja
+         ninja -j 4
        )
 elif [ "x$ARCH" = "xarm32" -o "x$ARCH" = "xarm64" ]; then
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 7c80002..e6cb2bc 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -341,6 +341,11 @@ add_executable(mont mont.c)
 target_link_libraries(mont ${OPENSSL_TEST_LIBS})
 add_test(mont mont)
+# objectstest
+add_executable(objectstest objectstest.c)
+target_link_libraries(objectstest ${OPENSSL_TEST_LIBS})
+add_test(objectstest objectstest)
 # ocsp_test
 if(ENABLE_EXTRATESTS)
        add_executable(ocsp_test ocsp_test.c)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index e58c0c0..6c88c90 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -354,6 +354,11 @@ TESTS += mont
 check_PROGRAMS += mont
 mont_SOURCES = mont.c
+# objectstest
+TESTS += objectstest
+check_PROGRAMS += objectstest
+objectstest_SOURCES = objectstest.c
 # ocsp_test
 if ENABLE_EXTRATESTS
 TESTS += ocsptest.sh
author	Brent Cook <busterb@gmail.com>	2022-05-09 01:29:28 -0500
committer	Brent Cook <busterb@gmail.com>	2022-05-09 01:29:28 -0500
commit	a0044d5a36252d82b0f7b2f1550f7fff701a484a (patch)
tree	57ecac03b703abb72e1ec8117fcc515982fc7e7a
parent	5e974ea695aa57965c3037c787850012e188dfdb (diff)
parent	ff798b2a33d89679ac6c25a4773b91c6a26cd015 (diff)
download	portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.tar.gz portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.tar.bz2 portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.zip