From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] openssl: Update to version 3.3.0
Date: Thu, 23 May 2024 18:04:22 +0100
Message-ID: <F8DB0272-C103-4937-A281-7C99BA0302F8@ipfire.org>
In-Reply-To: <20240521145627.291028-3-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4609818845386084790=="
List-Id: <development.lists.ipfire.org>

--===============4609818845386084790==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Ah, my favourite, OpenSSL :)

As it has bitten us in the butt before, I would strongly suggest that we re-s=
hip everything that possibly links against this.

There should not be any breaking changes in this release, and presumable we d=
on=E2=80=99t use the new QUIC stuff much (if at all), yet.

-Michael

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 21 May 2024, at 15:56, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>=20
> - Update from version 3.2.1 to 3.3.0
> - Update of rootfile
> - Changelog
>    3.3
> This release adds the following new features:
>  * Support for qlog for tracing QUIC connections has been added
>  * Added APIs to allow configuring the negotiated idle timeout for QUIC
>    connections, and to allow determining the number of additional streams
>    that can currently be created for a QUIC connection.
>  * Added APIs to allow disabling implicit QUIC event processing for QUIC SSL
>    objects
>  * Added APIs to allow querying the size and utilisation of a QUIC stream's
>    write buffer
>  * New API `SSL_write_ex2`, which can be used to send an end-of-stream (FIN)
>    condition in an optimised way when using QUIC.
>  * Limited support for polling of QUIC connection and stream objects in a
>    non-blocking manner.
>  * Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multip=
le
>    times with different output sizes.
>  * Added exporter for CMake on Unix and Windows, alongside the pkg-config
>    exporter.
>  * The BLAKE2s hash algorithm matches BLAKE2b's support for configurable
>    output length.
>  * The EVP_PKEY_fromdata function has been augmented to allow for the
>    derivation of CRT (Chinese Remainder Theorem) parameters when requested
>  * Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex()
>    using time_t which is Y2038 safe on 32 bit systems when 64 bit time
>    is enabled
>  * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms
>    config options and the respective calls to SSL[_CTX]_set1_sigalgs() and
>    SSL[_CTX]_set1_client_sigalgs() that start with `?` character are
>    ignored and the configuration will still be used.
>  * Added `-set_issuer` and `-set_subject` options to `openssl x509` to
>    override the Issuer and Subject when creating a certificate. The `-subj`
>    option now is an alias for `-set_subject`.
>  * Added several new features of CMPv3 defined in RFC 9480 and RFC 9483
>  * New option `SSL_OP_PREFER_NO_DHE_KEX`, which allows configuring a TLS1.3
>    server to prefer session resumption using PSK-only key exchange over PSK
>    with DHE, if both are available.
>  * New atexit configuration switch, which controls whether the OPENSSL_clea=
nup
>    is registered when libcrypto is unloaded.
>  * Added X509_STORE_get1_objects to avoid issues with the existing
>    X509_STORE_get0_objects API in multi-threaded applications.
> This release incorporates the following potentially significant or incompat=
ible
> changes:
>  * Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100
>  * Optimized AES-CTR for ARM Neoverse V1 and V2
>  * Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS syste=
ms
>    similar to M1/M2.
>  * Various optimizations for cryptographic routines using RISC-V vector cry=
pto
>    extensions
>  * Added assembly implementation for md5 on loongarch64
>  * Accept longer context for TLS 1.2 exporters
>  * The activate and soft_load configuration settings for providers in
>    openssl.cnf have been updated to require a value of [1|yes|true|on]
>    (in lower or UPPER case) to enable the setting. Conversely a value
>    of [0|no|false|off] will disable the setting.
>  * In `openssl speed`, changed the default hash function used with `hmac` f=
rom
>    `md5` to `sha256`.
>  * The `-verify` option to the `openssl crl` and `openssl req` will make the
>    program exit with 1 on failure.
>  * The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), a=
nd
>    related functions have been augmented to check for a minimum length of
>    the input string, in accordance with ITU-T X.690 section 11.7 and 11.8.
>  * OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of=
 -1
>    if called with a NULL stack argument.
>  * New limit on HTTP response headers is introduced to HTTP client. The
>    default limit is set to 256 header lines.
> This release incorporates the following bug fixes and mitigations:
>  * The BIO_get_new_index() function can only be called 127 times before it
>    reaches its upper bound of BIO_TYPE_MASK and will now return -1 once its
>    exhausted.
>=20
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/rootfiles/common/openssl | 104 ++++++++++++++++++++++++++++++++
> lfs/openssl                     |   4 +-
> 2 files changed, 106 insertions(+), 2 deletions(-)
>=20
> diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/open=
ssl
> index a3664a521..c5cc40e1f 100644
> --- a/config/rootfiles/common/openssl
> +++ b/config/rootfiles/common/openssl
> @@ -152,6 +152,10 @@ usr/bin/openssl
> #usr/include/openssl/x509err.h
> #usr/include/openssl/x509v3.h
> #usr/include/openssl/x509v3err.h
> +#usr/lib/cmake
> +usr/lib/cmake/OpenSSL
> +usr/lib/cmake/OpenSSL/OpenSSLConfig.cmake
> +usr/lib/cmake/OpenSSL/OpenSSLConfigVersion.cmake
> #usr/lib/engines-3
> usr/lib/engines-3/afalg.so
> usr/lib/engines-3/capi.so
> @@ -769,6 +773,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html
> #usr/share/doc/openssl/html/man3/SSL_get_stream_id.html
> #usr/share/doc/openssl/html/man3/SSL_get_stream_read_state.html
> +#usr/share/doc/openssl/html/man3/SSL_get_value_uint.html
> #usr/share/doc/openssl/html/man3/SSL_get_verify_result.html
> #usr/share/doc/openssl/html/man3/SSL_get_version.html
> #usr/share/doc/openssl/html/man3/SSL_group_to_name.html
> @@ -781,6 +786,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/doc/openssl/html/man3/SSL_new.html
> #usr/share/doc/openssl/html/man3/SSL_new_stream.html
> #usr/share/doc/openssl/html/man3/SSL_pending.html
> +#usr/share/doc/openssl/html/man3/SSL_poll.html
> #usr/share/doc/openssl/html/man3/SSL_read.html
> #usr/share/doc/openssl/html/man3/SSL_read_early_data.html
> #usr/share/doc/openssl/html/man3/SSL_rstate_string.html
> @@ -992,6 +998,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/doc/openssl/html/man7/openssl-core_names.h.html
> #usr/share/doc/openssl/html/man7/openssl-env.html
> #usr/share/doc/openssl/html/man7/openssl-glossary.html
> +#usr/share/doc/openssl/html/man7/openssl-qlog.html
> #usr/share/doc/openssl/html/man7/openssl-quic.html
> #usr/share/doc/openssl/html/man7/openssl-threads.html
> #usr/share/doc/openssl/html/man7/openssl_user_macros.html
> @@ -2419,6 +2426,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/ERR_peek_last_error_func.3ossl
> #usr/share/man/man3/ERR_peek_last_error_line.3ossl
> #usr/share/man/man3/ERR_peek_last_error_line_data.3ossl
> +#usr/share/man/man3/ERR_pop.3ossl
> #usr/share/man/man3/ERR_pop_to_mark.3ossl
> #usr/share/man/man3/ERR_print_errors.3ossl
> #usr/share/man/man3/ERR_print_errors_cb.3ossl
> @@ -2587,6 +2595,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/EVP_DigestSignInit.3ossl
> #usr/share/man/man3/EVP_DigestSignInit_ex.3ossl
> #usr/share/man/man3/EVP_DigestSignUpdate.3ossl
> +#usr/share/man/man3/EVP_DigestSqueeze.3ossl
> #usr/share/man/man3/EVP_DigestUpdate.3ossl
> #usr/share/man/man3/EVP_DigestVerify.3ossl
> #usr/share/man/man3/EVP_DigestVerifyFinal.3ossl
> @@ -3588,6 +3597,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/OPENSSL_LH_delete.3ossl
> #usr/share/man/man3/OPENSSL_LH_doall.3ossl
> #usr/share/man/man3/OPENSSL_LH_doall_arg.3ossl
> +#usr/share/man/man3/OPENSSL_LH_doall_arg_thunk.3ossl
> #usr/share/man/man3/OPENSSL_LH_error.3ossl
> #usr/share/man/man3/OPENSSL_LH_flush.3ossl
> #usr/share/man/man3/OPENSSL_LH_free.3ossl
> @@ -3601,6 +3611,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/OPENSSL_LH_num_items.3ossl
> #usr/share/man/man3/OPENSSL_LH_retrieve.3ossl
> #usr/share/man/man3/OPENSSL_LH_set_down_load.3ossl
> +#usr/share/man/man3/OPENSSL_LH_set_thunks.3ossl
> #usr/share/man/man3/OPENSSL_LH_stats.3ossl
> #usr/share/man/man3/OPENSSL_LH_stats_bio.3ossl
> #usr/share/man/man3/OPENSSL_LINE.3ossl
> @@ -3699,6 +3710,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/OSSL_CMP_CR.3ossl
> #usr/share/man/man3/OSSL_CMP_CTX_build_cert_chain.3ossl
> #usr/share/man/man3/OSSL_CMP_CTX_free.3ossl
> +#usr/share/man/man3/OSSL_CMP_CTX_get0_geninfo_ITAVs.3ossl
> #usr/share/man/man3/OSSL_CMP_CTX_get0_libctx.3ossl
> #usr/share/man/man3/OSSL_CMP_CTX_get0_newCert.3ossl
> #usr/share/man/man3/OSSL_CMP_CTX_get0_newPkey.3ossl
> @@ -3763,6 +3775,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/OSSL_CMP_CTX_set_transfer_cb_arg.3ossl
> #usr/share/man/man3/OSSL_CMP_CTX_setup_CRM.3ossl
> #usr/share/man/man3/OSSL_CMP_CTX_snprint_PKIStatus.3ossl
> +#usr/share/man/man3/OSSL_CMP_HDR_get0_geninfo_ITAVs.3ossl
> #usr/share/man/man3/OSSL_CMP_HDR_get0_recipNonce.3ossl
> #usr/share/man/man3/OSSL_CMP_HDR_get0_transactionID.3ossl
> #usr/share/man/man3/OSSL_CMP_IR.3ossl
> @@ -3770,10 +3783,12 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/OSSL_CMP_ITAV_dup.3ossl
> #usr/share/man/man3/OSSL_CMP_ITAV_free.3ossl
> #usr/share/man/man3/OSSL_CMP_ITAV_get0_caCerts.3ossl
> +#usr/share/man/man3/OSSL_CMP_ITAV_get0_certProfile.3ossl
> #usr/share/man/man3/OSSL_CMP_ITAV_get0_rootCaCert.3ossl
> #usr/share/man/man3/OSSL_CMP_ITAV_get0_rootCaKeyUpdate.3ossl
> #usr/share/man/man3/OSSL_CMP_ITAV_get0_type.3ossl
> #usr/share/man/man3/OSSL_CMP_ITAV_get0_value.3ossl
> +#usr/share/man/man3/OSSL_CMP_ITAV_new0_certProfile.3ossl
> #usr/share/man/man3/OSSL_CMP_ITAV_new_caCerts.3ossl
> #usr/share/man/man3/OSSL_CMP_ITAV_new_rootCaCert.3ossl
> #usr/share/man/man3/OSSL_CMP_ITAV_new_rootCaKeyUpdate.3ossl
> @@ -3791,6 +3806,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/OSSL_CMP_LOG_WARNING.3ossl
> #usr/share/man/man3/OSSL_CMP_MSG_dup.3ossl
> #usr/share/man/man3/OSSL_CMP_MSG_free.3ossl
> +#usr/share/man/man3/OSSL_CMP_MSG_get0_certreq_publickey.3ossl
> #usr/share/man/man3/OSSL_CMP_MSG_get0_header.3ossl
> #usr/share/man/man3/OSSL_CMP_MSG_get_bodytype.3ossl
> #usr/share/man/man3/OSSL_CMP_MSG_http_perform.3ossl
> @@ -3812,6 +3828,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/OSSL_CMP_SRV_CTX_get0_cmp_ctx.3ossl
> #usr/share/man/man3/OSSL_CMP_SRV_CTX_get0_custom_ctx.3ossl
> #usr/share/man/man3/OSSL_CMP_SRV_CTX_init.3ossl
> +#usr/share/man/man3/OSSL_CMP_SRV_CTX_init_trans.3ossl
> #usr/share/man/man3/OSSL_CMP_SRV_CTX_new.3ossl
> #usr/share/man/man3/OSSL_CMP_SRV_CTX_set_accept_raverified.3ossl
> #usr/share/man/man3/OSSL_CMP_SRV_CTX_set_accept_unprotected.3ossl
> @@ -3819,6 +3836,8 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/OSSL_CMP_SRV_CTX_set_send_unprotected_errors.3ossl
> #usr/share/man/man3/OSSL_CMP_SRV_certConf_cb_t.3ossl
> #usr/share/man/man3/OSSL_CMP_SRV_cert_request_cb_t.3ossl
> +#usr/share/man/man3/OSSL_CMP_SRV_clean_transaction_cb_t.3ossl
> +#usr/share/man/man3/OSSL_CMP_SRV_delayed_delivery_cb_t.3ossl
> #usr/share/man/man3/OSSL_CMP_SRV_error_cb_t.3ossl
> #usr/share/man/man3/OSSL_CMP_SRV_genm_cb_t.3ossl
> #usr/share/man/man3/OSSL_CMP_SRV_pollReq_cb_t.3ossl
> @@ -4042,6 +4061,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/OSSL_HTTP_REQ_CTX_new.3ossl
> #usr/share/man/man3/OSSL_HTTP_REQ_CTX_set1_req.3ossl
> #usr/share/man/man3/OSSL_HTTP_REQ_CTX_set_expected.3ossl
> +#usr/share/man/man3/OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines.3ossl
> #usr/share/man/man3/OSSL_HTTP_REQ_CTX_set_max_response_length.3ossl
> #usr/share/man/man3/OSSL_HTTP_REQ_CTX_set_request_line.3ossl
> #usr/share/man/man3/OSSL_HTTP_adapt_proxy.3ossl
> @@ -4185,6 +4205,27 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/OSSL_PROVIDER_try_load_ex.3ossl
> #usr/share/man/man3/OSSL_PROVIDER_unload.3ossl
> #usr/share/man/man3/OSSL_PROVIDER_unquery_operation.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_AEAD_LIMIT_REACHED.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_APPLICATION_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_CONNECTION_ID_LIMIT_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_CONNECTION_REFUSED.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_CRYPTO_ERR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_CRYPTO_ERR_END.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_FINAL_SIZE_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_FLOW_CONTROL_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_FRAME_ENCODING_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_INTERNAL_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_INVALID_TOKEN.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_KEY_UPDATE_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_NO_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_NO_VIABLE_PATH.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_PROTOCOL_VIOLATION.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_STREAM_LIMIT_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_STREAM_STATE_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR.3ossl
> +#usr/share/man/man3/OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT.3ossl
> #usr/share/man/man3/OSSL_QUIC_client_method.3ossl
> #usr/share/man/man3/OSSL_QUIC_client_thread_method.3ossl
> #usr/share/man/man3/OSSL_SELF_TEST_free.3ossl
> @@ -5143,6 +5184,29 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_INCOMING_STREAM_POLICY_AUTO.3ossl
> #usr/share/man/man3/SSL_INCOMING_STREAM_POLICY_REJECT.3ossl
> #usr/share/man/man3/SSL_OP_BIT.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_E.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_EC.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_ECD.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_ER.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_EW.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_F.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_I.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_IS.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_ISB.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_ISE.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_ISU.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_NONE.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_OS.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_OSB.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_OSE.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_OSU.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_R.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_RE.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_RW.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_RWE.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_W.3ossl
> +#usr/share/man/man3/SSL_POLL_EVENT_WE.3ossl
> +#usr/share/man/man3/SSL_POLL_FLAG_NO_HANDLE_EVENTS.3ossl
> #usr/share/man/man3/SSL_SESSION_dup.3ossl
> #usr/share/man/man3/SSL_SESSION_free.3ossl
> #usr/share/man/man3/SSL_SESSION_get0_alpn_selected.3ossl
> @@ -5164,6 +5228,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_SESSION_get_protocol_version.3ossl
> #usr/share/man/man3/SSL_SESSION_get_ticket_lifetime_hint.3ossl
> #usr/share/man/man3/SSL_SESSION_get_time.3ossl
> +#usr/share/man/man3/SSL_SESSION_get_time_ex.3ossl
> #usr/share/man/man3/SSL_SESSION_get_timeout.3ossl
> #usr/share/man/man3/SSL_SESSION_has_ticket.3ossl
> #usr/share/man/man3/SSL_SESSION_is_resumable.3ossl
> @@ -5183,6 +5248,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_SESSION_set_max_early_data.3ossl
> #usr/share/man/man3/SSL_SESSION_set_protocol_version.3ossl
> #usr/share/man/man3/SSL_SESSION_set_time.3ossl
> +#usr/share/man/man3/SSL_SESSION_set_time_ex.3ossl
> #usr/share/man/man3/SSL_SESSION_set_timeout.3ossl
> #usr/share/man/man3/SSL_SESSION_up_ref.3ossl
> #usr/share/man/man3/SSL_STREAM_FLAG_ADVANCE.3ossl
> @@ -5199,6 +5265,23 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_STREAM_TYPE_NONE.3ossl
> #usr/share/man/man3/SSL_STREAM_TYPE_READ.3ossl
> #usr/share/man/man3/SSL_STREAM_TYPE_WRITE.3ossl
> +#usr/share/man/man3/SSL_VALUE_CLASS_FEATURE_NEGOTIATED.3ossl
> +#usr/share/man/man3/SSL_VALUE_CLASS_FEATURE_PEER_REQUEST.3ossl
> +#usr/share/man/man3/SSL_VALUE_CLASS_FEATURE_REQUEST.3ossl
> +#usr/share/man/man3/SSL_VALUE_CLASS_GENERIC.3ossl
> +#usr/share/man/man3/SSL_VALUE_EVENT_HANDLING_MODE.3ossl
> +#usr/share/man/man3/SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT.3ossl
> +#usr/share/man/man3/SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT.3ossl
> +#usr/share/man/man3/SSL_VALUE_EVENT_HANDLING_MODE_INHERIT.3ossl
> +#usr/share/man/man3/SSL_VALUE_QUIC_IDLE_TIMEOUT.3ossl
> +#usr/share/man/man3/SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL.3ossl
> +#usr/share/man/man3/SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL.3ossl
> +#usr/share/man/man3/SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL.3ossl
> +#usr/share/man/man3/SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL.3ossl
> +#usr/share/man/man3/SSL_VALUE_STREAM_WRITE_BUF_AVAIL.3ossl
> +#usr/share/man/man3/SSL_VALUE_STREAM_WRITE_BUF_SIZE.3ossl
> +#usr/share/man/man3/SSL_VALUE_STREAM_WRITE_BUF_USED.3ossl
> +#usr/share/man/man3/SSL_WRITE_FLAG_CONCLUDE.3ossl
> #usr/share/man/man3/SSL_accept.3ossl
> #usr/share/man/man3/SSL_accept_stream.3ossl
> #usr/share/man/man3/SSL_add0_chain_cert.3ossl
> @@ -5310,12 +5393,17 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_get_default_timeout.3ossl
> #usr/share/man/man3/SSL_get_early_data_status.3ossl
> #usr/share/man/man3/SSL_get_error.3ossl
> +#usr/share/man/man3/SSL_get_event_handling_mode.3ossl
> #usr/share/man/man3/SSL_get_event_timeout.3ossl
> #usr/share/man/man3/SSL_get_ex_data.3ossl
> #usr/share/man/man3/SSL_get_ex_data_X509_STORE_CTX_idx.3ossl
> #usr/share/man/man3/SSL_get_ex_new_index.3ossl
> #usr/share/man/man3/SSL_get_extms_support.3ossl
> #usr/share/man/man3/SSL_get_fd.3ossl
> +#usr/share/man/man3/SSL_get_feature_negotiated_uint.3ossl
> +#usr/share/man/man3/SSL_get_feature_peer_request_uint.3ossl
> +#usr/share/man/man3/SSL_get_feature_request_uint.3ossl
> +#usr/share/man/man3/SSL_get_generic_value_uint.3ossl
> #usr/share/man/man3/SSL_get_handshake_rtt.3ossl
> #usr/share/man/man3/SSL_get_info_callback.3ossl
> #usr/share/man/man3/SSL_get_key_update_type.3ossl
> @@ -5338,6 +5426,10 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_get_privatekey.3ossl
> #usr/share/man/man3/SSL_get_psk_identity.3ossl
> #usr/share/man/man3/SSL_get_psk_identity_hint.3ossl
> +#usr/share/man/man3/SSL_get_quic_stream_bidi_local_avail.3ossl
> +#usr/share/man/man3/SSL_get_quic_stream_bidi_remote_avail.3ossl
> +#usr/share/man/man3/SSL_get_quic_stream_uni_local_avail.3ossl
> +#usr/share/man/man3/SSL_get_quic_stream_uni_remote_avail.3ossl
> #usr/share/man/man3/SSL_get_quiet_shutdown.3ossl
> #usr/share/man/man3/SSL_get_rbio.3ossl
> #usr/share/man/man3/SSL_get_read_ahead.3ossl
> @@ -5373,6 +5465,9 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_get_stream_read_error_code.3ossl
> #usr/share/man/man3/SSL_get_stream_read_state.3ossl
> #usr/share/man/man3/SSL_get_stream_type.3ossl
> +#usr/share/man/man3/SSL_get_stream_write_buf_avail.3ossl
> +#usr/share/man/man3/SSL_get_stream_write_buf_size.3ossl
> +#usr/share/man/man3/SSL_get_stream_write_buf_used.3ossl
> #usr/share/man/man3/SSL_get_stream_write_error_code.3ossl
> #usr/share/man/man3/SSL_get_stream_write_state.3ossl
> #usr/share/man/man3/SSL_get_time.3ossl
> @@ -5380,6 +5475,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_get_tlsext_status_ocsp_resp.3ossl
> #usr/share/man/man3/SSL_get_tlsext_status_type.3ossl
> #usr/share/man/man3/SSL_get_tmp_key.3ossl
> +#usr/share/man/man3/SSL_get_value_uint.3ossl
> #usr/share/man/man3/SSL_get_verify_callback.3ossl
> #usr/share/man/man3/SSL_get_verify_depth.3ossl
> #usr/share/man/man3/SSL_get_verify_mode.3ossl
> @@ -5417,6 +5513,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_peek.3ossl
> #usr/share/man/man3/SSL_peek_ex.3ossl
> #usr/share/man/man3/SSL_pending.3ossl
> +#usr/share/man/man3/SSL_poll.3ossl
> #usr/share/man/man3/SSL_psk_client_cb_func.3ossl
> #usr/share/man/man3/SSL_psk_find_session_cb_func.3ossl
> #usr/share/man/man3/SSL_psk_server_cb_func.3ossl
> @@ -5481,9 +5578,12 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_set_default_stream_mode.3ossl
> #usr/share/man/man3/SSL_set_dh_auto.3ossl
> #usr/share/man/man3/SSL_set_ecdh_auto.3ossl
> +#usr/share/man/man3/SSL_set_event_handling_mode.3ossl
> #usr/share/man/man3/SSL_set_ex_data.3ossl
> #usr/share/man/man3/SSL_set_fd.3ossl
> +#usr/share/man/man3/SSL_set_feature_request_uint.3ossl
> #usr/share/man/man3/SSL_set_generate_session_id.3ossl
> +#usr/share/man/man3/SSL_set_generic_value_uint.3ossl
> #usr/share/man/man3/SSL_set_hostflags.3ossl
> #usr/share/man/man3/SSL_set_incoming_stream_policy.3ossl
> #usr/share/man/man3/SSL_set_info_callback.3ossl
> @@ -5531,6 +5631,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_set_tmp_dh_callback.3ossl
> #usr/share/man/man3/SSL_set_tmp_ecdh.3ossl
> #usr/share/man/man3/SSL_set_trust.3ossl
> +#usr/share/man/man3/SSL_set_value_uint.3ossl
> #usr/share/man/man3/SSL_set_verify.3ossl
> #usr/share/man/man3/SSL_set_verify_depth.3ossl
> #usr/share/man/man3/SSL_set_verify_result.3ossl
> @@ -5572,6 +5673,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/SSL_write.3ossl
> #usr/share/man/man3/SSL_write_early_data.3ossl
> #usr/share/man/man3/SSL_write_ex.3ossl
> +#usr/share/man/man3/SSL_write_ex2.3ossl
> #usr/share/man/man3/SSLv23_client_method.3ossl
> #usr/share/man/man3/SSLv23_method.3ossl
> #usr/share/man/man3/SSLv23_server_method.3ossl
> @@ -6008,6 +6110,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man3/X509_STORE_get0_objects.3ossl
> #usr/share/man/man3/X509_STORE_get0_param.3ossl
> #usr/share/man/man3/X509_STORE_get1_all_certs.3ossl
> +#usr/share/man/man3/X509_STORE_get1_objects.3ossl
> #usr/share/man/man3/X509_STORE_get_cert_crl.3ossl
> #usr/share/man/man3/X509_STORE_get_check_crl.3ossl
> #usr/share/man/man3/X509_STORE_get_check_issued.3ossl
> @@ -6852,6 +6955,7 @@ usr/lib/ossl-modules/legacy.so
> #usr/share/man/man7/openssl-core_names.h.7ossl
> #usr/share/man/man7/openssl-env.7ossl
> #usr/share/man/man7/openssl-glossary.7ossl
> +#usr/share/man/man7/openssl-qlog.7ossl
> #usr/share/man/man7/openssl-quic.7ossl
> #usr/share/man/man7/openssl-threads.7ossl
> #usr/share/man/man7/openssl_user_macros.7ossl
> diff --git a/lfs/openssl b/lfs/openssl
> index 695035742..a714d4dcd 100644
> --- a/lfs/openssl
> +++ b/lfs/openssl
> @@ -24,7 +24,7 @@
>=20
> include Config
>=20
> -VER        =3D 3.2.1
> +VER        =3D 3.3.0
>=20
> THISAPP    =3D openssl-$(VER)
> DL_FILE    =3D $(THISAPP).tar.gz
> @@ -72,7 +72,7 @@ objects =3D $(DL_FILE)
>=20
> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
>=20
> -$(DL_FILE)_BLAKE2 =3D 960222e0305166160e5ab000e29650b92063bf726551ee9ad460=
60166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347
> +$(DL_FILE)_BLAKE2 =3D c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5=
a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501
>=20
> install : $(TARGET)
>=20
> --=20
> 2.44.0
>=20


--===============4609818845386084790==--