Configurations/20-debian.conf | 169 169 + 0 - 0 !
1 file changed, 169 insertions(+)

 debian-targets

Configurations/unix-Makefile.tmpl | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 man-section

Configurations/shared-info.pl | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 no-symbolic

crypto/des/asm/desboth.pl | 17 14 + 3 - 0 !
crypto/perlasm/cbc.pl | 24 20 + 4 - 0 !
crypto/perlasm/x86gas.pl | 16 16 + 0 - 0 !
crypto/x86cpuid.pl | 10 5 + 5 - 0 !
4 files changed, 55 insertions(+), 12 deletions(-)

 pic

tools/c_rehash.in | 19 8 + 11 - 0 !
1 file changed, 8 insertions(+), 11 deletions(-)

 also create old hash for compatibility

Configurations/10-main.conf | 2 1 + 1 - 0 !
Configure | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 configure: allow to enable ktls if target does not start with linux

The Debian build system uses a `debian' target which sets CFLAGS and
then we have for instance debian-amd64 which inherits from
linux-x86_64 and debian. So far so good.

Since the target name does not start with `linux', the build system does not
enable ktls. So in order to get enabled, I
added a
        `enable           => [ "ktls" ],'
to the generic linux config which sets it explicit). Having this set, we can
check for it instead matching the target name.

This commit is based on changes for afalgeng in commit
   9e381e8a01859 ("Configure: allow to enable afalgeng if target does not start with Linux")

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

apps/openssl.cnf | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 remove the provider section.

The provider section breaks libssl1.1 users. Remove it for now.

Link: https://bugs.debian.org/1011051
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

crypto/conf/conf_ssl.c | 35 32 + 3 - 0 !
1 file changed, 32 insertions(+), 3 deletions(-)

 conf: serialize allocation/free of ssl_names.

The access to `ssl_names' is not fully serialized. With multiple threads
it is possible that more than one thread starts to clean up `ssl_names'.
This leads to occasional segfaults if more than one terminates and
performs the clean up.

Fixes: #19243

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

test/ssl-tests/12-ct.cnf | 24 12 + 12 - 0 !
test/ssl-tests/12-ct.cnf.in | 12 12 + 0 - 0 !
test/ssl-tests/14-curves.cnf | 240 120 + 120 - 0 !
test/ssl-tests/14-curves.cnf.in | 9 6 + 3 - 0 !
test/ssl-tests/22-compression.cnf | 32 16 + 16 - 0 !
test/ssl-tests/22-compression.cnf.in | 16 16 + 0 - 0 !
test/sslapitest.c | 24 17 + 7 - 0 !
7 files changed, 199 insertions(+), 158 deletions(-)

 fix tests for new default security level

Fix tests that were expecting a default security level of 1 to work with
the new default of 2.

crypto/x509/by_store.c | 18 13 + 5 - 0 !
1 file changed, 13 insertions(+), 5 deletions(-)

 revert "drop "by store"'s by_store_subject_ex()"

This reverts commit 7141330fb98ce ("Drop "by store"'s by_store_subject_ex()").

Avoid crashes in users, see https://bugs.debian.org/1110254

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

crypto/x509/by_store.c | 111 27 + 84 - 0 !
1 file changed, 27 insertions(+), 84 deletions(-)

 revert "rework the "by store" x509_lookup method to open the given
 URI early"

This reverts commit 340383f5f49f8 ("Rework the "by store" X509_LOOKUP method to open the given URI early")

Avoid crashes in users, see https://bugs.debian.org/1110254

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

test/recipes/25-test_verify.t | 39 5 + 34 - 0 !
1 file changed, 5 insertions(+), 34 deletions(-)

 revert "add test_verify tests"

This reverts commit a468bdb02531e ("Add test_verify tests")

Avoid crashes in users, see https://bugs.debian.org/1110254

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>