[openssl] master update

2021-07-27 Thread Dr. Paul Dale
The branch master has been updated
   via  a65c8d8f737fe4e67d0b37e2b20dc1adccd93112 (commit)
  from  96d6a4e4464c3dec9cdf2c6fb59d737c8cb1be49 (commit)


- Log -
commit a65c8d8f737fe4e67d0b37e2b20dc1adccd93112
Author: Todd Short 
Date:   Fri Jul 23 09:25:09 2021 -0400

Add missing session timeout calc

Fixes #16142

Add missing session timeout calculation in `ssl_get_new_session()`

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16145)

---

Summary of changes:
 ssl/ssl_sess.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index b526984289..0e756c37c1 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -437,6 +437,7 @@ int ssl_get_new_session(SSL *s, int session)
 ss->timeout = SSL_get_default_timeout(s);
 else
 ss->timeout = s->session_ctx->session_timeout;
+ssl_session_calculate_timeout(ss);
 
 SSL_SESSION_free(s->session);
 s->session = NULL;
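
Review bot: the summary lists only ssl/ssl_sess.c with one insertion, so this fix lands without a regression test; a test that creates a new session and checks that its computed expiry reflects the `ss->timeout` chosen in the if/else above would keep the call from going missing again. Since the derived value has to be refreshed after every write to `ss->timeout`, consider a small setter that assigns the timeout and calls `ssl_session_calculate_timeout(ss)` together, so the two cannot drift apart at other call sites.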


[openssl] master update

2021-07-27 Thread Dr. Paul Dale
The branch master has been updated
   via  96d6a4e4464c3dec9cdf2c6fb59d737c8cb1be49 (commit)
   via  ca7cac886b0f1084acfe2e07135acd212415e2bd (commit)
   via  589fbc18aa5e72b2574a71d69c09b4f63f0ae943 (commit)
   via  123ed334337e874acb1f55b36dc671de7e306824 (commit)
   via  09f38299ccc006e0ce7e94897250e995ec2fc337 (commit)
  from  2a7855fb2596048e5038afa5e49a02853297df6d (commit)


- Log -
commit 96d6a4e4464c3dec9cdf2c6fb59d737c8cb1be49
Author: Pauli 
Date:   Wed Jul 28 09:52:23 2021 +1000

test: add a comment indicating that a bad MAC is intentional

This permits negative testing of FIPS module load failure.

Also changed the MAC to all zeros to make it even clearer.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/16168)

commit ca7cac886b0f1084acfe2e07135acd212415e2bd
Author: Matt Caswell 
Date:   Tue Jul 27 16:36:41 2021 +0100

Add some testing for the case where the FIPS provider fails to load

Ensure we get correct behaviour in the event that an attempt is made
to load the fips provider but it fails to load.

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16168)

commit 589fbc18aa5e72b2574a71d69c09b4f63f0ae943
Author: Matt Caswell 
Date:   Tue Jul 27 16:59:59 2021 +0100

Don't try and load the config file while already loading the config file

Calls to the API function EVP_default_properties_enable_fips() will
automatically attempt to load the default config file if it is not
already loaded. Therefore this function should not be called from inside
code to process the config file.

Fixes #16165

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16168)

commit 123ed334337e874acb1f55b36dc671de7e306824
Author: Matt Caswell 
Date:   Tue Jul 27 16:36:24 2021 +0100

Ensure any default_properties still apply even in the event of a provider load failure

We don't treat a failure to load a provider as a fatal error. If it is fatal then
we give up attempting to load the config file - including reading any default
properties. Additionally if an attempt has been made to load a provider then we
disable fallback loading.

Fixes #16166

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16168)

commit 09f38299ccc006e0ce7e94897250e995ec2fc337
Author: Matt Caswell 
Date:   Tue Jul 27 16:31:20 2021 +0100

Don't leak the OSSL_LIB_CTX in the event of a failure to load the FIPS module

Ensure we free the OSSL_LIB_CTX on the error path.

Fixes #16163

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16168)

---

Summary of changes:
 crypto/evp/evp_cnf.c  |  4 +--
 crypto/evp/evp_fetch.c| 17 
 crypto/provider_conf.c| 16 ++-
 include/crypto/evp.h  |  2 ++
 providers/fips/fipsprov.c |  1 +
 test/defltfips_test.c | 39 +++
 test/{fips.cnf => fips-alt.cnf}   |  2 +-
 test/recipes/30-test_defltfips.t  | 19 ++---
 test/recipes/30-test_defltfips/fipsmodule.cnf |  7 +
 9 files changed, 84 insertions(+), 23 deletions(-)
 copy test/{fips.cnf => fips-alt.cnf} (91%)
 create mode 100644 test/recipes/30-test_defltfips/fipsmodule.cnf

diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 415712dffa..0e7fe64cf9 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -46,8 +46,8 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
  * fips_mode is deprecated and should not be used in new
  * configurations.
  */
-if (!EVP_default_properties_enable_fips(NCONF_get0_libctx((CONF 
*)cnf),
-m > 0)) {
+if (!evp_default_properties_enable_fips_int(
+NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
 ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
 return 0;
 }
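
Review bot: the trailing `0` in the new `evp_default_properties_enable_fips_int(...)` call is a bare literal whose meaning cannot be read at the call site. Going by the commit message it presumably suppresses the automatic config load, which is the whole point of the fix, so a short comment here (or a named constant) saying that the config file must not be loaded from inside config processing would stop a later cleanup from switching back to the public function.
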
diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c
index 3067928030..5303cf8859 100644
--- a/crypto/evp/evp_fetch.c
+++ b/crypto/evp/evp_fetch.c
@@ -479,15 +479,16 @@ int EVP_set_default_properties(OSSL_LIB_CTX *libctx, 
const char *propq)
 return evp_set_default_properties_int(libctx, propq, 1, 0);
 }
 
-static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char 
*propq)
+static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char 
*propq,
+ 

[openssl] master update

2021-07-27 Thread Dr. Paul Dale
The branch master has been updated
   via  2a7855fb2596048e5038afa5e49a02853297df6d (commit)
   via  1ad435039333a09b31d7c569b822bd5d936b8105 (commit)
   via  cb7055fd5ad9bf5c84d4480b7dbbcfb1cb242fc9 (commit)
   via  64d9b626aae49154bd44edf8fb1a3eca133445a3 (commit)
   via  09755337d5b907565d3b8a9ee8b33a2c60616c0a (commit)
  from  03c2f21b980524dc05a0426146f845ec1e969c2e (commit)


- Log -
commit 2a7855fb2596048e5038afa5e49a02853297df6d
Author: Pauli 
Date:   Mon Jul 26 12:54:50 2021 +1000

ci: disable async for the SH4 build and reenable the associated test

The platform doesn't seem to have support for this.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/16144)

commit 1ad435039333a09b31d7c569b822bd5d936b8105
Author: Pauli 
Date:   Mon Jul 26 11:57:48 2021 +1000

ci: get rid of no-asm flag to m68k cross compiles

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/16144)

commit cb7055fd5ad9bf5c84d4480b7dbbcfb1cb242fc9
Author: Pauli 
Date:   Mon Jul 26 11:54:12 2021 +1000

ci: add the param conversion tests to the cross compiles.

There was a failure because an "inf" value was being read as a "NaN" not an
infinity.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/16144)

commit 64d9b626aae49154bd44edf8fb1a3eca133445a3
Author: Pauli 
Date:   Fri Jul 23 11:48:32 2021 +1000

QEMU: include test runs for most cross compilation targets

For the cross compiles where the tests couldn't be run, most are capable
of being run when statically linked.  For these, a shared with FIPS build
but not test run is also included to maximise compilation coverage.
The builds take a couple of minutes so the impact of these extra jobs
isn't great.

The test failures for test_includes, test_store and test_x509_store
across several platforms are related to the OPENSSL_DIR_read() call.
This gets a "Value too large for defined data type" error calling the
standard library's readdir() wrapper.  That is, the failure is during
the translation from the x86-64 structure to the 32 bit structure.
I've tried tweaking the include defines to use larger fields but couldn't
figure out how to make it work.  The most prudent fix is to ignore these
tests for these platforms.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/16144)

commit 09755337d5b907565d3b8a9ee8b33a2c60616c0a
Author: Pauli 
Date:   Mon Jul 26 11:53:23 2021 +1000

test: handle not a number (NaN) values in the param conversion test.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/16144)

---

Summary of changes:
 .github/workflows/cross-compiles.yml | 62 +---
 test/params_conversion_test.c| 24 --
 2 files changed, 73 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/cross-compiles.yml 
b/.github/workflows/cross-compiles.yml
index 6b4505c5db..514a4fbabe 100644
--- a/.github/workflows/cross-compiles.yml
+++ b/.github/workflows/cross-compiles.yml
@@ -14,6 +14,8 @@ jobs:
 #   libs: the Debian package for the necessary link/runtime libraries.
 #   target: the OpenSSL configuration target to use, this is passed
 #   directly to the config command line.
+#   fips:   set to "no" to disable building FIPS, leave unset to
+#   build the FIPS provider.
 #   tests: omit this to run all the tests using QEMU, set it to "none"
 #  to never run the tests, otherwise it's value is passed to
 #  the "make test" command to allow selectiving disabling of
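
Review bot: the new comment documents the value as "no" in quotes, while the matrix entries added further down write `fips: no` unquoted. Whether a bare `no` is read as a string or as a boolean depends on the YAML parser, so quoting the value in the entries (`fips: "no"`) and stating in this comment which form the job condition compares against would remove the ambiguity.
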
@@ -40,23 +42,26 @@ jobs:
   }, {
 arch: hppa-linux-gnu,
 libs: libc6-dev-hppa-cross,
-target: linux-generic32,
-tests: none #-test_includes -test_store -test_x509_store
+target: -static linux-generic32,
+fips: no,
+tests: -test_includes -test_store -test_x509_store
   }, {
 arch: m68k-linux-gnu,
 libs: libc6-dev-m68k-cross,
-target: linux-latomic no-asm,
-tests: none #-test_includes -test_store -test_x509_store 
-test_includes
+target: -static -m68040 linux-latomic,
+fips: no,
+tests: -test_includes -test_store -test_x509_store
   }, {
 arch: mips-linux-gnu,
 libs: libc6-dev-mips-cross,
-target: linux-mips32,
-tests: none
+target: -static linux-mips32,
+fips: no,
+tests: -test_includes -test_store -test_x509_store
   }, {
 arch: 
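
Review bot: the hppa, m68k and mips entries now all exclude `-test_includes -test_store -test_x509_store`, but nothing in the file says why. The commit message attributes the failures to readdir() returning "Value too large for defined data type" when the x86-64 structure is translated to the 32 bit one; a one-line comment beside the exclusions carrying that reason would tell the next maintainer when they can be re-enabled. The same applies to `fips: no`, which appears on each entry without explanation.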

[openssl] master update

2021-07-27 Thread Dr. Paul Dale
The branch master has been updated
   via  03c2f21b980524dc05a0426146f845ec1e969c2e (commit)
   via  bb98a1123b3d7a8464f2c1f61ffd41f826c7c423 (commit)
  from  c6fcd88fa030da8322cf27aff95376512f41faff (commit)


- Log -
commit 03c2f21b980524dc05a0426146f845ec1e969c2e
Author: Matt Caswell 
Date:   Tue Jul 27 10:32:49 2021 +0100

Add a test case for EVP_MD_meth_dup() and EVP_CIPHER_meth_dup()

Check that EVP_MD_meth_free() and EVP_CIPHER_meth_free() do actually
free the data.

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16159)

commit bb98a1123b3d7a8464f2c1f61ffd41f826c7c423
Author: Matt Caswell 
Date:   Mon Jul 26 15:53:25 2021 +0100

Fix EVP_MD_meth_dup and EVP_CIPHER_meth_dup

Make sure the origin is set correctly when duping an EVP_MD or EVP_CIPHER.

Fixes #16157

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16159)

---

Summary of changes:
 crypto/evp/cmeth_lib.c |  1 +
 crypto/evp/evp_lib.c   |  1 +
 test/evp_extra_test.c  | 21 -
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c
index 9b93550307..a806ec5f9e 100644
--- a/crypto/evp/cmeth_lib.c
+++ b/crypto/evp/cmeth_lib.c
@@ -50,6 +50,7 @@ EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)
 
 memcpy(to, cipher, sizeof(*to));
 to->lock = lock;
+to->origin = EVP_ORIG_METH;
 }
 return to;
 }
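
Review bot: `memcpy(to, cipher, sizeof(*to))` copies every field of the source, and the lines after it then patch up the ones that must not be inherited, now `lock` and `origin`. That pattern silently breaks whenever a new per-object field is added, as the missing `origin` reset shows. Please add a comment above the fix-ups saying that any field describing ownership or lifetime has to be reset here, and mirror it in the identical block in EVP_MD_meth_dup().
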
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index f78df52ab1..64d7fb046d 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -823,6 +823,7 @@ EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
 
 memcpy(to, md, sizeof(*to));
 to->lock = lock;
+to->origin = EVP_ORIG_METH;
 }
 return to;
 }
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 7494c1f21b..e03e2a252e 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -3690,7 +3690,25 @@ static int test_custom_pmeth(int idx)
 custom_pmeth = NULL;
 return testresult;
 }
-#endif
+
+static int test_evp_md_cipher_meth(void)
+{
+EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
+EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
+int testresult = 0;
+
+if (!TEST_ptr(md) || !TEST_ptr(ciph))
+goto err;
+
+testresult = 1;
+
+ err:
+EVP_MD_meth_free(md);
+EVP_CIPHER_meth_free(ciph);
+
+return testresult;
+}
+#endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
 typedef enum OPTION_choice {
 OPT_ERR = -1,
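
Review bot: `test_evp_md_cipher_meth()` only asserts that the two dup calls return non-NULL; the frees under `err:` are never checked, so the test passes with or without the `origin` fix unless the run uses a leak checker. The commit message says the aim is to confirm that EVP_MD_meth_free() and EVP_CIPHER_meth_free() actually free the data, so either state in a comment that the test depends on leak detection, or add an assertion that can fail on its own.
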
@@ -3814,6 +3832,7 @@ int setup_tests(void)
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 ADD_ALL_TESTS(test_custom_pmeth, 12);
+ADD_TEST(test_evp_md_cipher_meth);
 #endif
 
 return 1;


[web] master update

2021-07-27 Thread Mark J. Cox
The branch master has been updated
   via  86e6eb2e66ec9112b311616d9dbfbb7da734c6a4 (commit)
   via  6340022c20721b8cde5817dc5a9caa39e2d7b232 (commit)
  from  61f488185e0736cf5196efc9d5f4f4b3370b3f8e (commit)


- Log -
commit 86e6eb2e66ec9112b311616d9dbfbb7da734c6a4
Merge: 61f4881 6340022
Author: Mark J. Cox 
Date:   Tue Jul 27 13:06:17 2021 +0100

Merge pull request #249 from iamamoose/fixpgp

SKS keyservers have been offline for a while, so switch to OpenPGP

commit 6340022c20721b8cde5817dc5a9caa39e2d7b232
Author: Mark J. Cox 
Date:   Tue Jul 27 12:07:40 2021 +0100

SKS keyservers have been offline for a while, so switch to
keys.openpgp.org

---

Summary of changes:
 bin/mk-omc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/mk-omc b/bin/mk-omc
index e6dee11..24144df 100755
--- a/bin/mk-omc
+++ b/bin/mk-omc
@@ -60,7 +60,7 @@ foreach my $key (sort { mk_sortable($a) cmp mk_sortable($b) } 
keys %data) {
 my $pgpurl = $data{$key}->{pgpid} if $options{pgp};
 $pgpurl =~ s|\s+||g if $pgpurl;
 $pgpurl =
-   
"http://pool.sks-keyservers.net:11371/pks/lookup?op=get=0x$pgpurl;
+   "https://keys.openpgp.org/search?q=$pgpurl;
if $pgpurl;
 
 my @columndata = ();
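
Review bot: `$pgpurl` is interpolated into the new `search?q=` query string with only whitespace removed by the `s|\s+||g` line above, so any other character in a `pgpid` value reaches the generated link unescaped; URI-escape the value before building the URL. The old URL also prefixed the id with `0x` and the new one does not; please confirm the search endpoint accepts the ids in the form stored in `%data`.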


[openssl] master update

2021-07-27 Thread Matt Caswell
The branch master has been updated
   via  c6fcd88fa030da8322cf27aff95376512f41faff (commit)
  from  26411bc8879bf979e3703357e9595de057528e28 (commit)


- Log -
commit c6fcd88fa030da8322cf27aff95376512f41faff
Author: Matt Caswell 
Date:   Tue Jul 20 16:18:04 2021 +0100

Mark the EVP_PKEY_METHOD arg as const on some EVP_PKEY_meth_get_*() funcs

Most EVP_PKEY_meth_get_*() functions mark the EVP_PKEY_METHOD argument as
const. But 3 did not. We fix those to be consistent.

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/16128)

---

Summary of changes:
 crypto/evp/pmeth_lib.c | 6 +++---
 doc/man3/EVP_PKEY_meth_new.pod | 6 +++---
 include/openssl/evp.h  | 6 +++---
 test/evp_extra_test.c  | 2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 7b835a5eb6..954166caae 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1990,7 +1990,7 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
 *pctrl_str = pmeth->ctrl_str;
 }
 
-void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD *pmeth,
 int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
 const unsigned char *tbs, size_t tbslen))
 {
@@ -1998,7 +1998,7 @@ void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
 *digestsign = pmeth->digestsign;
 }
 
-void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD *pmeth,
 int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
   size_t siglen, const unsigned char *tbs,
   size_t tbslen))
@@ -2028,7 +2028,7 @@ void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD 
*pmeth,
 *pcheck = pmeth->param_check;
 }
 
-void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD *pmeth,
  int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
  EVP_MD_CTX *mctx))
 {
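
Review bot: these three getters are public prototypes (the same change is made in include/openssl/evp.h and the pod), yet the summary of changes shows no changelog entry. Adding `const` to the `pmeth` parameter is harmless for callers that pass a pointer, but code that stores the address of one of these functions in a pointer declared with the old signature will now see a type mismatch, so a short note for users is worth adding.
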
diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod
index d07ec1a637..06404079ab 100644
--- a/doc/man3/EVP_PKEY_meth_new.pod
+++ b/doc/man3/EVP_PKEY_meth_new.pod
@@ -220,13 +220,13 @@ L:
  int (**pctrl_str) (EVP_PKEY_CTX *ctx,
 const char *type,
 const char *value));
- void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+ void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD *pmeth,
int (**digestsign) (EVP_MD_CTX *ctx,
unsigned char *sig,
size_t *siglen,
const unsigned char 
*tbs,
size_t tbslen));
- void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+ void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD *pmeth,
  int (**digestverify) (EVP_MD_CTX *ctx,
const unsigned char 
*sig,
size_t siglen,
@@ -238,7 +238,7 @@ L:
  int (**pcheck) (EVP_PKEY *pkey));
  void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
 int (**pcheck) (EVP_PKEY *pkey));
- void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+ void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD *pmeth,
  int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
  EVP_MD_CTX 
*mctx));
 
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 1c8ce48773..1850381720 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -2117,11 +2117,11 @@ OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_ctrl
  int (**pctrl_str) (EVP_PKEY_CTX *ctx, const char *type,
 const char *value));
 OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digestsign
-(EVP_PKEY_METHOD *pmeth,
+(const EVP_PKEY_METHOD *pmeth,
  int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
  const unsigned char *tbs, size_t tbslen));
 OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digestverify
-(EVP_PKEY_METHOD *pmeth,
+(const EVP_PKEY_METHOD *pmeth,
  int (**digestverify) 

[web] master update

2021-07-27 Thread Richard Levitte
The branch master has been updated
   via  61f488185e0736cf5196efc9d5f4f4b3370b3f8e (commit)
  from  539bea014de78db5ff5b0785a46bfd7647b0b589 (commit)


- Log -
commit 61f488185e0736cf5196efc9d5f4f4b3370b3f8e
Author: Richard Levitte 
Date:   Tue Jul 27 09:55:07 2021 +0200

Simplify the CDN purge

Our CDN (Akamai) purge script was run as a standalone automation, in
parallel with the automatic 'make' run.  The consequence was that the
CDN could catch a copy of our original web pages in a semi built state,
as demonstrated by openssl/openssl#16152.

The solution is to ensure that the purge is run in sequence after
everything is built.  We simplify this further by moving the actual
script into the web source.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/web/pull/248)

---

Summary of changes:
 Makefile   |  7 +++--
 bin/purge-one-hour | 90 --
 2 files changed, 93 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 32b9244..fb15dad 100644
--- a/Makefile
+++ b/Makefile
@@ -56,15 +56,18 @@ SRCLISTS = $(foreach S,$(FUTURESERIES) $(SERIES) 
$(OLDSERIES2) fips,source/old/$
@rm -f $@
./bin/md-to-html5 $<
 
-all: suball manmaster mancross
+all: suball manmaster mancross akamai-purge
 
 suball: $(SIMPLE) $(SRCLISTS)
 
-relupd: suball manpages mancross
+relupd: suball manpages mancross akamai-purge
 
 clean:
rm -f $(SIMPLE) $(SRCLISTS)
 
+akamai-purge:
+   ./bin/purge-one-hour
+
 # Legacy targets
 hack-source_htaccess: all
 simple: all
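
Review bot: listing `akamai-purge` last among the prerequisites of `all` and `relupd` only orders it after the build when make runs serially; with `make -j` the prerequisites of one target may be built concurrently, which would bring back the half-built-page race the commit message describes. Make the ordering explicit, for instance by running `./bin/purge-one-hour` as the last recipe line of `all` and `relupd` instead of as a sibling prerequisite. Since `akamai-purge` names no file, it should also be declared phony if it is not already.
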
diff --git a/bin/purge-one-hour b/bin/purge-one-hour
index 5e10e49..895967f 100755
--- a/bin/purge-one-hour
+++ b/bin/purge-one-hour
@@ -1,3 +1,89 @@
-#! /bin/sh
+#! /usr/bin/perl
+#
+# script to purge the Akamai cache.
+#
+# Notes:
+#
+# - we limit the purging to files newer than an hour
+# - there must be a file ~openssl/.edgerc with our Akamai credentials
+# - the Akamai supplied program 'akamai-purge' must be installed in
+#   /usr/local/bin
 
-/opt/openssl/maker/triggered-makers/akamai-purge
+use strict;
+use warnings;
+
+# Find all .html files that include a .inc file, and create a map
+my %inc2html = ();
+
+my $debug = $ENV{DEBUG};
+my $dryrun = $ENV{DRYRUN};
+
+my $base = '/var/www/openssl'; # MUST NOT end with a slash
+
+foreach ( `find $base -type f -name '*.html'` ) {
+chomp;
+my $file = $_;
+my ($dn, $fn) = $_ =~ m/^(?:(.*)\/)?([^\/]*)$/;
+my @incs = ();
+
+open HTML, $_;
+foreach (  ) {
+   if (//) {
+   my $vf = $1;
+   $vf = ($vf =~ m|^/|) ? "$base$vf" : "$dn/$vf";
+   push @incs, "$vf";
+   }
+}
+close HTML;
+
+foreach ( @incs ) {
+   push @{$inc2html{$_}}, $file;
+}
+}
+
+if ($debug) {
+for ( sort keys %inc2html ) {
+   print STDERR "DEBUG: $_ => ", join(", ", @{$inc2html{$_}}), "\n";
+}
+}
+
+# Find all files younger than an hour
+# Discard those in .git/ and bin/
+# Discard any .ht*
+# For any virtually included file, use the corresponding .html file instead
+# For all remaining files, turn it into a valid URL
+# For any valid index file, duplicate into two URLs without the file,
+#one with an ending slash and one without.
+my %files = ();
+
+foreach ( `find $base -type f -mtime -2` ) {
+chomp;
+next if /^\Q$base\E\/(\.git|bin)/;
+next if /\/\.ht\w+$/;
+my $x = $_;
+my @files = defined $inc2html{$x} ? @{$inc2html{$x}} : ( $x );
+foreach ( @files ) {
+   s/^\Q$base\E\//https:\/\/www.openssl.org\//;
+   $files{$_} = 1;
+   if ( /^(.*)\/index.(html|cgi|pl|php|xhtml|htm)$/ ) {
+   $files{"$1/"} = $files{"$1"} = 1;
+   }
+}
+}
+
+# Finally, output the result to the akamai-purge program
+my @files = sort keys %files;
+while ( @files ) {
+my $count = 500;   # Try not to overwhelm Akamai
+if ( $dryrun || open PURGE, '| /usr/local/bin/akamai-purge invalidate' ) {
+   printf STDERR
+   "DEBUG: Invoking '/usr/local/bin/akamai-purge invalidate' with:\n"
+   if $debug;
+   while ( @files && $count-- > 0 ) {
+   my $file = pop @files;
+   print STDERR "  ",$file,"\n" if $debug;
+   print PURGE $file,"\n" unless $dryrun;
+   }
+   close PURGE unless $dryrun;
+}
+}
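
Review bot: in the final loop, if `open PURGE, '| /usr/local/bin/akamai-purge invalidate'` fails and DRYRUN is unset, the body that pops from `@files` is skipped, so `while ( @files )` never terminates; add an `else` that reports `$!` and exits non-zero, and check the status of `close PURGE` so a failed purge fails the make target. The header and the comment say files newer than an hour, but `find $base -type f -mtime -2` selects anything modified within the last two days; `-mmin -60` would match the stated intent. `open HTML, $_;` is an unchecked two-argument open on a name taken from find output; use the three-argument form with a lexical handle and skip the file on failure.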


Coverity Scan: Analysis completed for OpenSSL-1.0.2

2021-07-27 Thread scan-admin


Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DavDb_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGNr7Zz4kt39z4EEycNzwwoD5GvTaBiKjjikrHwT4wrfoP3Si3ViDyBExjFnPC5gk7SDR32NTDD5YYnJZmrgU3By0YG46mmhBPaJL97-2F6flbK1jr3P5cdX-2FbhfSz5rZDxGXHaU3PfXFp-2B8-2FWGq8hkIiQ2M9TJ2DZrI08gx0ulRsadJazGmnvQIwzRSlWCY3Wd4-3D

Build ID: 399072

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



Coverity Scan: Analysis completed for openssl/openssl

2021-07-27 Thread scan-admin


Your request for analysis of openssl/openssl has been completed successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DDBJ3_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH3vm906luUSw7s4b93pdYRUemPvs2e-2BV8wgq7zSy5-2B-2FF9Mnd1Ze5lXnHTMM0ywR7eNal2LfAUqwzHoqXBiQ-2BjloNoW3cwSGW79I1NA-2Fda04qTOB5Gp0IITy4exV8tTYu04ETuIThHk9TD0i6sxPpH8swy8Y3sdePmdBaeS4F7svRFi35WHvkgpyvxoAa0Gu9w-3D

Build ID: 399071

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0