[tools] master update

[tomas]

The branch master has been updated
   via  dbfd886b5913a62543159c621013b4093434df13 (commit)
  from  be4668a589f159422522dc2619fd1a7bd8dea589 (commit)


- Log -
commit dbfd886b5913a62543159c621013b4093434df13
Author: Tomas Mraz 
Date:   Mon Nov 22 15:25:49 2021 +0100

pick-to-branch: Allow cherry-picking multiple commits at once

Reviewed-by: Paul Dale 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/tools/pull/100)

---

Summary of changes:
 review-tools/pick-to-branch | 29 +
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/review-tools/pick-to-branch b/review-tools/pick-to-branch
index ac4176a..3254fca 100755
--- a/review-tools/pick-to-branch
+++ b/review-tools/pick-to-branch
@@ -1,17 +1,27 @@
 #! /bin/bash
 
 function usage {
-echo "Usage: pick-to-branch [] 
-Cherry-pick a commit on the given release target branch.
+echo "Usage: pick-to-branch []  []
+Cherry-pick a commit (or  commits) on the given release target branch.
 If this is not the current branch, the current branch and its state are 
preserved.
 
 The commit can be given in the form of a branch name.
 If no  arg is given, use the commit id of the HEAD of the master.
 The  arg must match a release branch or start with 'm' for master.
-A release branch may be given simply as 102, 110, 111, 30, 31."
+A release branch may be given simply as 102, 110, 111, 30, 31.
+
+The  argument defaults to 1 and can be specified only in case  is
+also given."
 }
 
+num=1
+
 case $# in
+3)
+id=$1
+b=$2
+num=$3
+;;
 2)
 id=$1
 b=$2
@@ -52,11 +62,14 @@ m*)
 ;;
 esac
 
-echo "Commit to chery-pick is $id:"
-git show $id | head -n 5
-echo
+echo "First commit to cherry-pick is: $id~$((num - 1))"
 echo "Target branch is: $branch"
-echo "Are both of these correct?"
+echo "Number of commits to pick: $num"
+echo "Commits to be cherry-picked:"
+echo
+git log $id~$num..$id
+echo
+echo "Are these correct?"
 
 while true
 do
@@ -102,7 +115,7 @@ git checkout --quiet master
 git checkout $branch
 git pull --ff-only
 CHERRYPICKING=1
-git cherry-pick -e -x $id || (git cherry-pick --abort; exit 1)
+git cherry-pick -e -x $id~$num..$id || (git cherry-pick --abort; exit 1)
 CHERRYPICKING=
 
 while true

[tools] master update

[tomas]

The branch master has been updated
   via  be4668a589f159422522dc2619fd1a7bd8dea589 (commit)
  from  744aefc2c80dbc3bd311cde0e5b75930b1da7381 (commit)


- Log -
commit be4668a589f159422522dc2619fd1a7bd8dea589
Author: Dr. David von Oheimb 
Date:   Wed Nov 17 14:38:19 2021 +0100

pick-to-branch: Improve fix of behavior on failed cherry-pick

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/99)

---

Summary of changes:
 review-tools/pick-to-branch | 5 +
 1 file changed, 5 insertions(+)

diff --git a/review-tools/pick-to-branch b/review-tools/pick-to-branch
index 18a25e5..ac4176a 100755
--- a/review-tools/pick-to-branch
+++ b/review-tools/pick-to-branch
@@ -84,6 +84,9 @@ function cleanup {
 rv=$?
 echo # make sure to enter new line, needed, e.g., after Ctrl-C
 [ $rv -ne 0 ] && echo -e "pick-to-branch failed"
+if [ "$CHERRYPICKING" == 1 ] ; then
+git cherry-pick --abort 2>/dev/null || true
+fi
 if [ "$branch" != "$ORIG_REF" ]; then
 echo Returning to previous branch $ORIG_REF
 git checkout -q $ORIG_REF
@@ -98,7 +101,9 @@ trap 'cleanup' EXIT
 git checkout --quiet master
 git checkout $branch
 git pull --ff-only
+CHERRYPICKING=1
 git cherry-pick -e -x $id || (git cherry-pick --abort; exit 1)
+CHERRYPICKING=
 
 while true
 do

[tools] master update

[tomas]

The branch master has been updated
   via  744aefc2c80dbc3bd311cde0e5b75930b1da7381 (commit)
   via  3b4084c37a6c2d1a9280b71a873dd0e057aec0be (commit)
  from  debabf50f5f2d7d0de575c69f8af642e9e84ae77 (commit)


- Log -
commit 744aefc2c80dbc3bd311cde0e5b75930b1da7381
Author: Dr. David von Oheimb 
Date:   Mon Nov 8 12:52:31 2021 +0100

pick-to-branch: make sure that local branch is up-to-date

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/98)

commit 3b4084c37a6c2d1a9280b71a873dd0e057aec0be
Author: Dr. David von Oheimb 
Date:   Mon Nov 8 12:46:35 2021 +0100

pick-to-branch: revert cherry-pick if aborted by user

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/98)

---

Summary of changes:
 review-tools/pick-to-branch | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/review-tools/pick-to-branch b/review-tools/pick-to-branch
index e7e1000..18a25e5 100755
--- a/review-tools/pick-to-branch
+++ b/review-tools/pick-to-branch
@@ -97,6 +97,7 @@ trap 'cleanup' EXIT
 
 git checkout --quiet master
 git checkout $branch
+git pull --ff-only
 git cherry-pick -e -x $id || (git cherry-pick --abort; exit 1)
 
 while true
@@ -113,4 +114,6 @@ done
 if [ "$x" = "y" -o "$x" = "yes" ]
 then
 git push
+else
+git reset --hard @~1
 fi

[tools] master update

[tomas]

The branch master has been updated
   via  debabf50f5f2d7d0de575c69f8af642e9e84ae77 (commit)
   via  c728b5e389a29e30759acc1baa7dcf0d05b6f0d0 (commit)
   via  3bfc3b4bc4fbc9026afed38335f15b1b0cbbfd4c (commit)
   via  41d7c0e63bf92b762f0369f0a56e25dfc51b2061 (commit)
   via  9ce7e5fb4ed7546ba412d14422e4bf2713bc1440 (commit)
  from  b57692c1f0b653ba5e4cbb2ae581b6f9def2bb45 (commit)


- Log -
commit debabf50f5f2d7d0de575c69f8af642e9e84ae77
Author: Dr. David von Oheimb 
Date:   Mon Nov 22 13:37:50 2021 +0100

ghmerge: restore to original commit HEAD of target on error/abort

Also add an empty line before the git log output for readability.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/97)

commit c728b5e389a29e30759acc1baa7dcf0d05b6f0d0
Author: Dr. David von Oheimb 
Date:   Mon Nov 22 12:52:44 2021 +0100

ghmerge: correct assignment to WORK_USED

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/97)

commit 3bfc3b4bc4fbc9026afed38335f15b1b0cbbfd4c
Author: Dr. David von Oheimb 
Date:   Mon Nov 22 12:31:18 2021 +0100

ghmerge: Rename --ref to --target for clarity

We are keeping --ref for backward compat.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/97)

commit 41d7c0e63bf92b762f0369f0a56e25dfc51b2061
Author: Dr. David von Oheimb 
Date:   Wed Nov 17 14:14:36 2021 +0100

ghmerge: extend --cherry-pick with the number of commits to pick

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/97)

commit 9ce7e5fb4ed7546ba412d14422e4bf2713bc1440
Author: Dr. David von Oheimb 
Date:   Mon Oct 25 14:45:17 2021 +0200

ghmerge: Fix behavior on failed cherry-pick, rebase, and pull

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/97)

---

Summary of changes:
 review-tools/ghmerge | 106 +--
 1 file changed, 68 insertions(+), 38 deletions(-)

diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index 7d1fc25..1371bfb 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -11,8 +11,9 @@ Option style arguments:
 --tools Merge a tools PR (rather than openssl PR)
 --web   Merge a web PR (rather than openssl PR)
 --remoteRepo to merge with (rather than git.openssl.org), usually 
'upstream'
---ref   Branch to merge with (rather than current branch), usually 
'master'
---cherry-pick   Use cherry-pick (rather than pull --rebase)
+--targetMerge target (rather than current branch), usually 'master'
+--ref   A synonym for --target
+--cherry-pick [] Cherry-pick the last n (1 <= n <= 99, default: 1) commits, 
rather than rebasing
 --squashSquash new commits non-interactively (allows editing msg)
 --noautosquash  Do not automatically squash fixups in interactive rebase
 --nobuild   Do not call 'openssbuild' before merging
@@ -22,7 +23,8 @@ Examples:
   ghmerge 12345 mattcaswell
   ghmerge 12345 paulidale t8m --nobuild --myemail=d...@ddvo.net
   ghmerge edd05b7..19692bb2c32 --squash -- 12345 levitte
-  ghmerge 12345 slontis --ref openssl-3.0"
+  ghmerge 12345 slontis --target openssl-3.0
+  ghmerge --nobuild --target openssl-3.0 --cherry-pick 3 16051 paulidale"
 exit 9
 }
 
@@ -33,7 +35,7 @@ PICK=no
 INTERACTIVE=yes
 AUTOSQUASH="--autosquash"
 REMOTE=""
-REF=""
+TARGET=""
 BUILD=yes
 [ -z ${CC+x} ] && CC="ccache gcc" # opensslbuild will otherwise use "ccache 
clang-3.6"
 
@@ -59,7 +61,11 @@ while [ $# -ne 0 ]; do
 WHAT=web ; BUILD=no ; shift
 ;;
 --cherry-pick)
-PICK=yes ; shift
+shift;
+PICK=1;
+if [ "$1" != "" ] && [ $1 -ge 1 ] 2>/dev/null && [ $1 -le 99 ]; then
+PICK=$1 ; shift
+fi
 ;;
 --noautosquash)
 AUTOSQUASH="" ; shift
@@ -77,12 +83,12 @@ while [ $# -ne 0 ]; do
 fi
 shift; REMOTE=$1; shift
 ;;
---ref)
+--target|--ref)
 if [ $# -lt 2 ] ; then
 echo "Missing argument of '$1'"
 usage_exit
 fi
-shift; REF=$1; shift
+shift; TARGET=$1; shift
 ;;
 --)
 if [ $# -lt 3 ] ; then
@@ -165,7 +171,18 @@ function cleanup {
 rv=$?
 echo # make sure to enter new line, needed, e.g., after Ctrl-C
 [ $rv -ne 0 ] && echo -e "\nghmerge failed"
-if [ "$REF" != "$ORIG_REF" ] || [ "$WORK_USED" != "" ]; then
+if [ "$REBASING" == 1 ] ; then
+git rebase --abort 2>/dev/null || true
+fi
+if [ "$CHERRYPICKING" == 1 ] ; then
+echo "Hint: maybe --cherry-pick was not given a suitable  
parameter."
+git cherry-pick --abort 2>/dev/null || true
+   

[tools] master update

[tomas]

The branch master has been updated
   via  b57692c1f0b653ba5e4cbb2ae581b6f9def2bb45 (commit)
  from  d9dd40cdad7cdcb6e6160430958a8a5e9998a369 (commit)


- Log -
commit b57692c1f0b653ba5e4cbb2ae581b6f9def2bb45
Author: Tomas Mraz 
Date:   Fri Nov 5 16:51:50 2021 +0100

pick-to-branch: fix inferring the id from master branch

Reviewed-by: Paul Dale 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/tools/pull/96)

---

Summary of changes:
 review-tools/pick-to-branch | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/review-tools/pick-to-branch b/review-tools/pick-to-branch
index 6513a36..e7e1000 100755
--- a/review-tools/pick-to-branch
+++ b/review-tools/pick-to-branch
@@ -6,7 +6,7 @@ function usage {
 If this is not the current branch, the current branch and its state are 
preserved.
 
 The commit can be given in the form of a branch name.
-If no  arg is given, intuit commit id from master.
+If no  arg is given, use the commit id of the HEAD of the master.
 The  arg must match a release branch or start with 'm' for master.
 A release branch may be given simply as 102, 110, 111, 30, 31."
 }
@@ -17,7 +17,7 @@ case $# in
 b=$2
 ;;
 1)
-id=`git branch -v | awk '$1=="master" { print $2; }'`
+id=`git show -s --format="%H" master`
 b=$1
 ;;
 *)
@@ -52,7 +52,7 @@ m*)
 ;;
 esac
 
-echo "Commit to chery-pick is:"
+echo "Commit to chery-pick is $id:"
 git show $id | head -n 5
 echo
 echo "Target branch is: $branch"

[tools] master update

[tomas]

The branch master has been updated
   via  d9dd40cdad7cdcb6e6160430958a8a5e9998a369 (commit)
  from  4a5441d5602435cd801aeee4add5908cfc86acab (commit)


- Log -
commit d9dd40cdad7cdcb6e6160430958a8a5e9998a369
Author: Matt Caswell 
Date:   Wed Aug 25 09:46:14 2021 +0100

Make it more explicit how to push tags

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/90)

---

Summary of changes:
 HOWTO-make-a-release.md | 8 +---
 release-tools/README.md | 7 +++
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/HOWTO-make-a-release.md b/HOWTO-make-a-release.md
index 7456b6a..d378a4b 100644
--- a/HOWTO-make-a-release.md
+++ b/HOWTO-make-a-release.md
@@ -286,9 +286,11 @@ instructed by `dev/release.sh`.  You may want to sanity 
check the pushes by
 inserting the `-n` (dry-run) option.
 
 *For OpenSSL before 3.0*, simply push your local changes to the main source
-repo, and please do remember to push the release tags as well, which is done
-separately with the `--tags` option.  You may want to sanity check the
-pushes by inserting the `-n` (dry-run) option.
+repo, and please do remember to push the release tags as well. You may want to
+sanity check the pushes by inserting the `-n` (dry-run) option. You must 
specify
+the repository / remote and tag to be pushed:
+
+git push  
 
 ## Updating the website
 
diff --git a/release-tools/README.md b/release-tools/README.md
index dc18f74..c4d1462 100644
--- a/release-tools/README.md
+++ b/release-tools/README.md
@@ -141,11 +141,10 @@ typically want to sanity check this with:
 
 git push -n
 
-Push new tags to public repo. Again sanity check with:
+Push new tags to public repo. You must specify the repository / remote and tag
+name explicitly. Again sanity check with:
 
-git push --tags -n
-
-to make sure no local tags were pushed.
+git push -n  
 
 ##  Updating the website
 

[tools] master update

[tomas]

The branch master has been updated
   via  4a5441d5602435cd801aeee4add5908cfc86acab (commit)
   via  522710ebddbc2b17ad949174c3b30900be36e79c (commit)
   via  fb3ea4fea8a625bbf36516d0e329bf4790a12641 (commit)
   via  f6ecc7fef076779d1dde76fc6c7e4719aa685cb6 (commit)
   via  b92201c5a37ae8ef57298899464fc6c9eac0e70a (commit)
   via  e2c1ff33aaa776b465f23989107e2a72d3d2804f (commit)
  from  3189d5753970fa290365b02acb535ea5ef09e995 (commit)


- Log -
commit 4a5441d5602435cd801aeee4add5908cfc86acab
Author: Dr. David von Oheimb 
Date:   Mon Oct 25 10:01:19 2021 +0200

pick-to-branch: Further improve user guidance on commit id

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/95)

commit 522710ebddbc2b17ad949174c3b30900be36e79c
Author: Dr. David von Oheimb 
Date:   Mon Oct 25 09:47:18 2021 +0200

pick-to-branch: Fix behavior on failed cherry-pick

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/95)

commit fb3ea4fea8a625bbf36516d0e329bf4790a12641
Author: Dr. David von Oheimb 
Date:   Mon Oct 25 09:36:51 2021 +0200

pick-to-branch: Improve diagnostics on bad target branch

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/95)

commit f6ecc7fef076779d1dde76fc6c7e4719aa685cb6
Author: Dr. David von Oheimb 
Date:   Sat Oct 23 13:10:41 2021 +0200

pick-to-branch: Fix the case that commit id is derived from HEAD of master

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/95)

commit b92201c5a37ae8ef57298899464fc6c9eac0e70a
Author: Dr. David von Oheimb 
Date:   Sat Oct 23 12:49:30 2021 +0200

pick-to-branch: Preserve current branch and its state if it is not the 
target

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/95)

commit e2c1ff33aaa776b465f23989107e2a72d3d2804f
Author: Dr. David von Oheimb 
Date:   Sat Oct 23 12:32:35 2021 +0200

pick-to-branch: Improve user guidance

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/95)

---

Summary of changes:
 review-tools/pick-to-branch | 61 ++---
 1 file changed, 47 insertions(+), 14 deletions(-)

diff --git a/review-tools/pick-to-branch b/review-tools/pick-to-branch
index c446763..6513a36 100755
--- a/review-tools/pick-to-branch
+++ b/review-tools/pick-to-branch
@@ -1,6 +1,15 @@
 #! /bin/bash
 
-# If one arg, intuit commit id from master
+function usage {
+echo "Usage: pick-to-branch [] 
+Cherry-pick a commit on the given release target branch.
+If this is not the current branch, the current branch and its state are 
preserved.
+
+The commit can be given in the form of a branch name.
+If no  arg is given, intuit commit id from master.
+The  arg must match a release branch or start with 'm' for master.
+A release branch may be given simply as 102, 110, 111, 30, 31."
+}
 
 case $# in
 2)
@@ -8,11 +17,11 @@ case $# in
 b=$2
 ;;
 1)
-id=`git branch -v | awk '$2=="master" { print $3; }'`
+id=`git branch -v | awk '$1=="master" { print $2; }'`
 b=$1
 ;;
 *)
-echo "Usage $0 [commitid] branch"
+usage
 exit 1
 ;;
 esac
@@ -31,22 +40,27 @@ case $b in
 *3*0*)
 branch=openssl-3.0
 ;;
+*3*1*)
+branch=openssl-3.1
+;;
 m*)
 branch=master
 ;;
 *)
-echo Unknown branch
+echo Unknown release target branch \'$b\'
 exit 1
 ;;
 esac
 
-echo "id is $id"
-echo "branch is $branch"
-echo "Are these correct?"
+echo "Commit to chery-pick is:"
+git show $id | head -n 5
+echo
+echo "Target branch is: $branch"
+echo "Are both of these correct?"
 
 while true
 do
-echo -n "Enter 'yes' to continue or 'no' to abort: "
+echo -n "Enter 'y'/'yes' to continue or 'n'/'no' to abort: "
 read x
 x="`echo $x | tr A-Z a-z`"
 if [ "$x" = "y" -o "$x" = "yes" -o "$x" = "n" -o "$x" = "no" ]
@@ -60,13 +74,34 @@ then
 exit 1
 fi
 
-git checkout --quiet master || exit 1
-git checkout $branch || exit 1
-git cherry-pick -e -x $id
+
+ORIG_REF=`git rev-parse --abbrev-ref HEAD` # usually this will be 'master'
+if [ "$branch" != "$ORIG_REF" ]; then
+STASH_OUT=`git stash`
+fi
+
+function cleanup {
+rv=$?
+echo # make sure to enter new line, needed, e.g., after Ctrl-C
+[ $rv -ne 0 ] && echo -e "pick-to-branch failed"
+if [ "$branch" != "$ORIG_REF" ]; then
+echo Returning to previous branch $ORIG_REF
+git checkout -q $ORIG_REF
+if [ "$STASH_OUT" != "No local changes to save" ]; then
+git stash pop -q # restore original state, 

[tools] master update

[tomas]

The branch master has been updated
   via  3189d5753970fa290365b02acb535ea5ef09e995 (commit)
   via  485aa62c661197601a7648a9c6bc7b8350270bb6 (commit)
   via  670fbf0eec6cbca664de2ec5e17208499bf99ca2 (commit)
  from  f6070cac86caad71cde3b62cd3fd0e35c724eae3 (commit)


- Log -
commit 3189d5753970fa290365b02acb535ea5ef09e995
Author: Dr. David von Oheimb 
Date:   Thu Oct 7 16:00:40 2021 +0200

ghmerge: Avoid checking out ref branch if not needed

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/94)

commit 485aa62c661197601a7648a9c6bc7b8350270bb6
Author: Dr. David von Oheimb 
Date:   Thu Oct 7 15:54:44 2021 +0200

ghmerge: Improve robustness and clarity regarding which ref branch is used

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/94)

commit 670fbf0eec6cbca664de2ec5e17208499bf99ca2
Author: Dr. David von Oheimb 
Date:   Thu Oct 7 15:43:21 2021 +0200

ghmerge: Correct saving and restoring original state

Also properly catch the error that copy-of-... already exists

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/94)

---

Summary of changes:
 review-tools/ghmerge | 64 ++--
 1 file changed, 37 insertions(+), 27 deletions(-)

diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index 7f0746e..7d1fc25 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -22,7 +22,7 @@ Examples:
   ghmerge 12345 mattcaswell
   ghmerge 12345 paulidale t8m --nobuild --myemail=d...@ddvo.net
   ghmerge edd05b7..19692bb2c32 --squash -- 12345 levitte
-  ghmerge 12345 slontis --ref OpenSSL_1_1_1-stable"
+  ghmerge 12345 slontis --ref openssl-3.0"
 exit 9
 }
 
@@ -155,64 +155,74 @@ if [ -z "$WHO" -o -z "$BRANCH" -o -z "$REPO" ]; then
 exit 1
 fi
 
-if [ "$REF" = "" ]; then
-REF=`git rev-parse --abbrev-ref HEAD` # usually this will be 'master' or, 
e.g., 'OpenSSL_1_1_1-stable'
-else
-echo -n "Press Enter to checkout $REF: "; read foo
-git checkout $REF
-fi
-
-echo -n "Press Enter to pull the latest $REMOTE/$REF: "; read foo
-git pull $REMOTE $REF || (git rebase --abort; exit 1)
-
+ORIG_REF=`git rev-parse --abbrev-ref HEAD` # usually this will be 'master'
+STASH_OUT=`git stash`
 WORK="copy-of-${WHO}-${BRANCH}"
 
+(git branch | grep -q "$WORK") && (echo "Branch already exists: $WORK"; exit 1)
+
 function cleanup {
 rv=$?
-echo # new line
+echo # make sure to enter new line, needed, e.g., after Ctrl-C
 [ $rv -ne 0 ] && echo -e "\nghmerge failed"
-if [ "$WORK" != "$REF" ]; then
-echo Restoring local $REF
-git checkout -q $REF
-git branch -qD $WORK 2>/dev/null
+if [ "$REF" != "$ORIG_REF" ] || [ "$WORK_USED" != "" ]; then
+echo Returning to previous branch $ORIG_REF
+git checkout -q $ORIG_REF
+fi
+if [ "$WORK_USED" != "" ]; then
+git branch -qD $WORK_USED
+fi
+if [ "$STASH_OUT" != "No local changes to save" ]; then
+git stash pop -q # restore original state, pruning any leftover 
commits added locally
 fi
-git reset --hard $REMOTE/$REF # prune any leftover commits added locally
 }
 trap 'cleanup' EXIT
 
+[ "$REF" = "" ] && REF=$ORIG_REF
+if [ "$REF" != "$ORIG_REF" ]; then
+echo -n "Press Enter to checkout $REF: "; read foo
+git checkout $REF
+fi
+
+echo -n "Press Enter to pull the latest $REMOTE/$REF: "; read foo
+git pull $REMOTE $REF || (git rebase --abort; exit 1)
+
+WORK_USED=$WORK
 # append new commits from $REPO/$BRANCH
 if [ "$PICK" != "yes" ]; then
 echo Rebasing $REPO/$BRANCH on $REF...
 git fetch $REPO $BRANCH && git checkout -b $WORK FETCH_HEAD
+WORK_USED=$WORK
 git rebase $REF || (echo 'Fix or Ctrl-d to abort' ; read || (git rebase 
--abort; exit 1))
 else
 echo Cherry-picking $REPO/$BRANCH to $REF...
 git checkout -b $WORK $REF
+WORK_USED=$WORK
 git fetch $REPO $BRANCH && git cherry-pick FETCH_HEAD
 fi
 
-echo Diff against $REF
-git diff $REF
+echo Diff against $REMOTE/$REF
+git diff $REMOTE/$REF
 
 if [ "$INTERACTIVE" == "yes" ] ; then
-echo -n "Press Enter to interactively rebase $AUTOSQUASH on $REF: "; read 
foo
-git rebase -i $AUTOSQUASH $REF || (git rebase --abort; exit 1)
-echo "Calling addrev $ADDREVOPTS --prnum=$PRNUM $TEAM ${REF}.."
-addrev $ADDREVOPTS --prnum=$PRNUM $TEAM ${REF}..
+echo -n "Press Enter to interactively rebase $AUTOSQUASH on $REMOTE/$REF: 
"; read foo
+git rebase -i $AUTOSQUASH $REMOTE/$REF || (git rebase --abort; exit 1)
+echo "Calling addrev $ADDREVOPTS --prnum=$PRNUM $TEAM $REMOTE/$REF.."
+addrev $ADDREVOPTS --prnum=$PRNUM $TEAM $REMOTE/$REF..
 fi
 
-echo Log since $REF

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  f6070cac86caad71cde3b62cd3fd0e35c724eae3 (commit)
  from  35717050e0abb88170873e8403c369127fb877b1 (commit)


- Log -
commit f6070cac86caad71cde3b62cd3fd0e35c724eae3
Author: Tomas Mraz 
Date:   Thu Sep 2 14:04:36 2021 +0200

Remove run-checker completely as it is not used anymore

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/tools/pull/93)

---

Summary of changes:
 run-checker/README  |  88 ---
 run-checker/build-gost.sh   |  41 --
 run-checker/run-checker-autohooks/README|  50 ---
 run-checker/run-checker-autohooks/hook-end  | 100 -
 run-checker/run-checker-autohooks/hook-prepare  |  49 ---
 run-checker/run-checker-autohooks/hook-start|  81 ---
 run-checker/run-checker-autohooks/hook-takedown |   7 -
 run-checker/run-checker-cleanup.sh  |  18 ---
 run-checker/run-checker.sh  | 186 
 9 files changed, 620 deletions(-)
 delete mode 100644 run-checker/README
 delete mode 100755 run-checker/build-gost.sh
 delete mode 100644 run-checker/run-checker-autohooks/README
 delete mode 100755 run-checker/run-checker-autohooks/hook-end
 delete mode 100755 run-checker/run-checker-autohooks/hook-prepare
 delete mode 100755 run-checker/run-checker-autohooks/hook-start
 delete mode 100755 run-checker/run-checker-autohooks/hook-takedown
 delete mode 100755 run-checker/run-checker-cleanup.sh
 delete mode 100755 run-checker/run-checker.sh

diff --git a/run-checker/README b/run-checker/README
deleted file mode 100644
index b9540a0..000
--- a/run-checker/README
+++ /dev/null
@@ -1,88 +0,0 @@
-This tool is used to build various predefined config options of
-openssl and generate okay/fail reports.  The array of config options
-is found in run-checker.sh, assigned to 'opts'.
-
-Quick manual run
-
-
-To run a check on the master branch:
-
-git clone git://git.openssl.org/openssl.git openssl
-/path/to/run-checker.sh
-
-To run a check on a release branch:
-
-git clone -b OpenSSL_1_1_0-stable git://git.openssl.org/openssl.git openssl
-/path/to/run-checker.sh
-
-
-Hooks
--
-
-run-checker supports a few hooks, in form of scripts that are
-executed:
-
-hook-prepare   This script is run once, when run-checker is
-   starting.  If it exits with a status other
-   than zero, run-checker.sh will stop.  It gets
-   no arguments.
-
-hook-start This script is run before each option build.
-   If it exits with a status other than zero,
-   run-checker.sh will skip the current build.
-   It gets the following arguments:
-
-   $1  The build directory.
-   $2  The option being checked.
-   $3...   Configure options and arguments.
-
-hook-end   This script is run after each option build.
-   If gets the following arguments:
-
-   $1  The build directory.
-   $2  "pass" or "fail", depending on the
-   build result.
-
-hook-takedown  This script is run once, just before
-   run-checker terminates.  It gets no arguments.
-
-
-The hooks and documentation in run-checker-autohooks are an advanced
-example, and what the OpenSSL Team runs daily (automatically).
-
-
-Example hooks 1

-
-The run-checker script uses disk space by leaving every build tree
-behind!  It may be that you want to clear the build tree after each
-build.  This little hook can help:
-
-hook-end:
-
-#! /bin/sh
-builddir="$1"
-mv "$builddir"/build.log "$builddir".log && rm -rf "$builddir"
-
-Example hook 2
---
-
-This is a variant of Example hook 1 that saves away the build dir into
-a tarball:
-
-hook-end:
-
-#! /bin/sh
-builddir="$1"
-tar --remove-files -cJf "$builddir.tar.xz" "./$builddir"
-
-Example hook 3
---
-
-You might want to avoid some builds, based on the options.  For
-example, all the fuzz builds may require installations that you're not
-willing to do.  hook-start is the perfect place for this:
-
-#! /bin/sh
-if [ echo "$2" | grep -E '.*fuzz.*' ]; then exit 1; fi
-exit 0
diff --git a/run-checker/build-gost.sh b/run-checker/build-gost.sh
deleted file mode 100755
index a6f3468..000
--- a/run-checker/build-gost.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#! /bin/bash
-#
-# Run in a directory for a gost engine build.
-# Two subdirectories will be created:
-#
-#gost-engine   a checkout of 

[tools] master update

[tomas]

The branch master has been updated
   via  35717050e0abb88170873e8403c369127fb877b1 (commit)
  from  ed247a7778c7a043f726f862e9544c963fd22e83 (commit)


- Log -
commit 35717050e0abb88170873e8403c369127fb877b1
Author: Pauli 
Date:   Fri Aug 27 14:25:14 2021 +1000

run-checker: remove the fuzzing builds

Not to be merged until after openssl/openssl#16438 is merged and working.

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/91)

---

Summary of changes:
 run-checker/run-checker.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index 124259f..b3be342 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -21,9 +21,7 @@
 # hook-takedown - called at the very end
 
 here=$(cd $(dirname $0); pwd)
-opts=( ''
-enable-fuzz-afl enable-fuzz-libfuzzer
-)
+opts=( '' )
 
 run-hook () {
 local hookname=$1; shift

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  ed247a7778c7a043f726f862e9544c963fd22e83 (commit)
  from  f39ecd88bc71cdb4332ec42b12405abf3738bde2 (commit)


- Log -
commit ed247a7778c7a043f726f862e9544c963fd22e83
Author: Pauli 
Date:   Wed Sep 1 09:08:21 2021 +1000

Update tools scripts to know about 3.0

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/92)

---

Summary of changes:
 review-tools/opensslpull| 4 
 review-tools/pick-to-branch | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/review-tools/opensslpull b/review-tools/opensslpull
index 0c8a40b..d8b97c6 100755
--- a/review-tools/opensslpull
+++ b/review-tools/opensslpull
@@ -9,6 +9,7 @@ test -f ./config || {
 git checkout --quiet OpenSSL_1_0_2-stable ; git pull --rebase
 git checkout --quiet OpenSSL_1_1_0-stable ; git pull --rebase
 git checkout --quiet OpenSSL_1_1_1-stable ; git pull --rebase
+git checkout --quiet openssl-3.0 ; git pull --rebase
 git checkout --quiet master
 git rebase -p origin/master
 
@@ -17,6 +18,9 @@ for B in `git branch | fgrep -v '*'` ; do
 OpenSSL*-stable)
 echo "skipping $B"
 ;;
+openssl-*)
+echo "skipping $B"
+;;
 *)
 # If .skiplist exists and this branch is listed, don't rebase
 if test -f .skiplist && grep -q "$B" .skiplist ; then
diff --git a/review-tools/pick-to-branch b/review-tools/pick-to-branch
index a5dd427..c446763 100755
--- a/review-tools/pick-to-branch
+++ b/review-tools/pick-to-branch
@@ -28,6 +28,9 @@ case $b in
 *1*1*1*)
 branch=OpenSSL_1_1_1-stable
 ;;
+*3*0*)
+branch=openssl-3.0
+;;
 m*)
 branch=master
 ;;

[tools] master update

[Matt Caswell]

The branch master has been updated
   via  f39ecd88bc71cdb4332ec42b12405abf3738bde2 (commit)
  from  0e935b5510ff4240341205184085f8a93eb36c24 (commit)


- Log -
commit f39ecd88bc71cdb4332ec42b12405abf3738bde2
Author: Matt Caswell 
Date:   Fri May 21 10:18:18 2021 +0100

Send release emails from the owner of the signing key

Announcement emails should be sent from the email account of the owner of
the signing key, otherwise some email clients will fail to verify the key
correctly.

A longer term solution will be to have a separate release signing key.

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/89)

---

Summary of changes:
 HOWTO-make-a-release.md | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/HOWTO-make-a-release.md b/HOWTO-make-a-release.md
index 012256e..7456b6a 100644
--- a/HOWTO-make-a-release.md
+++ b/HOWTO-make-a-release.md
@@ -335,16 +335,17 @@ Also check the notes here:
 Send out the announcements.  Generic release announcement messages will be
 created automatically by the build script and the commands you need to use
 to send them were displayed when you executed do-release.pl above.
-These should normally be sent from the openssl account.  These are sent to
-openssl-users, openssl-project, and openssl-announce.
+These are sent to openssl-users, openssl-project, and openssl-announce. They
+should be sent from the account of the person that owns the key used for 
signing
+the release announcement. Ensure that mutt is configured correctly - send a 
test
+email first if necessary.
 
 If do-release.pl was used with `--move` be sure to move the announcement
 text files away from the staging directory after they have been sent.  This
 is done as follows (with VERSION replaced with the version of OpenSSL to
 announce):
 
-sudo -u openssl \
-mutt -s "OpenSSL version VERSION published" \
+REPLYTO="open...@openssl.org" mutt -s "OpenSSL version VERSION published" \
 openssl-project openssl-users openssl-announce \
 < /home/openssl/dist/new/openssl-VERSION.txt.asc
 sudo -u openssl \
@@ -367,9 +368,9 @@ Then copy the result to the temporary directory on 
dev.openssl.org:
 scp secadv_FILENAME.txt.asc dev.openssl.org:/tmp
 
 To finish, log in on dev.openssl.org and send the signed Security
-Advisory by email as the openssl user, and the remove it:
+Advisory by email as the user that signed the advisory, and then remove it:
 
-sudo -u openssl mutt -s "OpenSSL Security Advisory" \
+REPLYTO="open...@openssl.org" mutt -s "OpenSSL Security Advisory" \
 openssl-project openssl-users openssl-announce \
 

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  0e935b5510ff4240341205184085f8a93eb36c24 (commit)
  from  ca5cf74927c857e135ec53640b2dcf58740da56e (commit)


- Log -
commit 0e935b5510ff4240341205184085f8a93eb36c24
Author: Pauli 
Date:   Wed May 12 11:25:35 2021 +1000

run-checker: reduce the number of builds

With the addition of most run-checker jobs to GitHub Actions, there is no 
need
to continue running these jobs ourselves.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/87)

---

Summary of changes:
 run-checker/run-checker.sh | 29 +
 1 file changed, 1 insertion(+), 28 deletions(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index 699f30f..124259f 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -22,34 +22,7 @@
 
 here=$(cd $(dirname $0); pwd)
 opts=( ''
-no-afalgeng enable-asan no-asm no-async no-autoalginit no-autoerrinit
-no-bf no-blake2 no-camellia no-capieng no-cast no-chacha no-cmac no-cms no-comp
-enable-crypto-mdebug enable-crypto-mdebug-backtrace no-ct no-deprecated no-des
-no-dgram no-dh no-dsa no-dso no-dynamic-engine no-ec no-ec2m no-ecdh
-no-ecdsa enable-ec_nistp_64_gcc_128 enable-egd no-engine 'no-engine no-shared'
-no-err no-filenames
-no-aria no-asan no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng
-no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer
-no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ssl no-ssl-trace no-tests
-no-ubsan no-ui-console no-unit-test no-weak-ssl-ciphers
-no-zlib no-zlib-dynamic
-enable-fuzz-afl enable-fuzz-libfuzzer enable-heartbeats no-hw no-hw-padlock
-no-idea no-makedepend enable-md2 no-md4 no-mdc2 no-gost no-multiblock
-no-nextprotoneg no-ocb no-ocsp no-pic no-poly1305 no-posix-io no-psk no-rc2
-no-rc4 enable-rc5 no-rdrand no-rfc3779 no-ripemd no-rmd160 no-scrypt 
enable-sctp
-no-seed no-shared no-sock no-srp no-srtp no-sse2 enable-ssl-trace
-no-static-engine no-stdio no-threads no-ts enable-ubsan no-ui
-enable-unit-test no-whirlpool enable-weak-ssl-ciphers enable-zlib
-enable-zlib-dynamic 386 no-dtls no-tls no-ssl3 no-tls1 no-tls1_1 no-tls1_2
-no-dtls1 no-dtls1_2 no-ssl3-method no-tls1-method no-tls1_1-method
-no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 no-sm2
-no-sm3 no-sm4 enable-trace no-legacy no-cached-fetch no-autoload-config
-'no-buildtest-c++' no-bulk no-cmp no-ktls no-module no-padlockeng
-no-pinshared no-secure-memory no-siv no-uplink enable-acvp-tests enable-fips
-'enable-fips no-fips-securitychecks' 'enable-fips enable-acvp-tests'
-'enable-fips no-tls' 'enable-fips no-tls1_1' 'enable-fips no-tls1'
-'enable-fips no-ssl3-method' 'enable-fips no-tls1-method'
-'enable-fips no-tls1_1-method' 'enable-fips no-tls1_3'
+enable-fuzz-afl enable-fuzz-libfuzzer
 )
 
 run-hook () {

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  ca5cf74927c857e135ec53640b2dcf58740da56e (commit)
  from  e771ebd4a0e349d929dc2e6f7ad2af48978e772d (commit)


- Log -
commit ca5cf74927c857e135ec53640b2dcf58740da56e
Author: Pauli 
Date:   Sat May 1 13:47:11 2021 +1000

run-checker: add more builds with FIPS enabled and other disabled.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/85)

---

Summary of changes:
 run-checker/run-checker.sh | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index dbb3da5..699f30f 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -46,7 +46,10 @@ no-tls1_2-method no-dtls1-method no-dtls1_2-method 
no-siphash no-tls1_3 no-sm2
 no-sm3 no-sm4 enable-trace no-legacy no-cached-fetch no-autoload-config
 'no-buildtest-c++' no-bulk no-cmp no-ktls no-module no-padlockeng
 no-pinshared no-secure-memory no-siv no-uplink enable-acvp-tests enable-fips
-'enable-fips no-fips-securitychecks'
+'enable-fips no-fips-securitychecks' 'enable-fips enable-acvp-tests'
+'enable-fips no-tls' 'enable-fips no-tls1_1' 'enable-fips no-tls1'
+'enable-fips no-ssl3-method' 'enable-fips no-tls1-method'
+'enable-fips no-tls1_1-method' 'enable-fips no-tls1_3'
 )
 
 run-hook () {

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  e771ebd4a0e349d929dc2e6f7ad2af48978e772d (commit)
  from  fa7b4ef4e67bb944a40c83539b216c398426bfc1 (commit)


- Log -
commit e771ebd4a0e349d929dc2e6f7ad2af48978e772d
Author: Pauli 
Date:   Tue May 4 18:14:32 2021 +1000

run-checker: disable debug flag for builds

It is more representative of reality.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/86)

---

Summary of changes:
 run-checker/run-checker.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index b59283c..dbb3da5 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -132,7 +132,7 @@ if run-hook prepare; then
 else
 builddir="$(echo $opt | sed -e 's|[ /]|_|g')"
 fi
-if run-hook start "$builddir" "$opt" -d $warnopts $expandedopts; then
+if run-hook start "$builddir" "$opt" $warnopts $expandedopts; then
 if (
 set -e
 
@@ -143,7 +143,7 @@ if run-hook prepare; then
 
 echo "Building with '$opt'"
 log-eval \
-CC=$optcc ../openssl/config -d $warnopts $expandedopts \
+CC=$optcc ../openssl/config $warnopts $expandedopts \
 >build.log 2>&1 || \
 exit $?
 

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  fa7b4ef4e67bb944a40c83539b216c398426bfc1 (commit)
  from  ee7da65b64a2409255d9effb751b4082642e3d39 (commit)


- Log -
commit fa7b4ef4e67bb944a40c83539b216c398426bfc1
Author: Pauli 
Date:   Fri Apr 30 09:56:39 2021 +1000

Add additional run-checker no-XXX options.

There were a number of options missing:

no-autoload-config
no-buildtest-c++
no-bulk
no-cmp
no-ktls
no-module
no-padlockeng
no-pinshared
no-secure-memory
no-siv
no-uplink
enable-acvp-tests
enable-fips
enable-fips no-fips-securitychecks

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/84)

---

Summary of changes:
 run-checker/run-checker.sh | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index 05d6332..b59283c 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -43,7 +43,11 @@ enable-unit-test no-whirlpool enable-weak-ssl-ciphers 
enable-zlib
 enable-zlib-dynamic 386 no-dtls no-tls no-ssl3 no-tls1 no-tls1_1 no-tls1_2
 no-dtls1 no-dtls1_2 no-ssl3-method no-tls1-method no-tls1_1-method
 no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 no-sm2
-no-sm3 no-sm4 enable-trace no-legacy no-cached-fetch)
+no-sm3 no-sm4 enable-trace no-legacy no-cached-fetch no-autoload-config
+'no-buildtest-c++' no-bulk no-cmp no-ktls no-module no-padlockeng
+no-pinshared no-secure-memory no-siv no-uplink enable-acvp-tests enable-fips
+'enable-fips no-fips-securitychecks'
+)
 
 run-hook () {
 local hookname=$1; shift

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  ee7da65b64a2409255d9effb751b4082642e3d39 (commit)
  from  9d9c86fe443afcb8a13a8ae40b91674a6afefcd3 (commit)


- Log -
commit ee7da65b64a2409255d9effb751b4082642e3d39
Author: Tomas Mraz 
Date:   Wed Apr 28 11:24:42 2021 +0200

ghmerge: Rebase PR on top of master

ghmerge rebased the newer commits from master on top of PR first
which does not do much sense. Do it the other way around.

Also allow fixing eventual trivial rebase conflicts in the
background.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/tools/pull/83)

---

Summary of changes:
 review-tools/ghmerge | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index 06f6bfa..7f0746e 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -180,14 +180,14 @@ function cleanup {
 }
 trap 'cleanup' EXIT
 
-git checkout -b $WORK $REF
-
 # append new commits from $REPO/$BRANCH
 if [ "$PICK" != "yes" ]; then
 echo Rebasing $REPO/$BRANCH on $REF...
-git pull --rebase $REPO $BRANCH || (git rebase --abort; exit 1)
+git fetch $REPO $BRANCH && git checkout -b $WORK FETCH_HEAD
+git rebase $REF || (echo 'Fix or Ctrl-d to abort' ; read || (git rebase 
--abort; exit 1))
 else
 echo Cherry-picking $REPO/$BRANCH to $REF...
+git checkout -b $WORK $REF
 git fetch $REPO $BRANCH && git cherry-pick FETCH_HEAD
 fi
 

[tools] master update

[Richard Levitte]

The branch master has been updated
   via  9d9c86fe443afcb8a13a8ae40b91674a6afefcd3 (commit)
  from  e1fc98e1c15660ad4d51526cc6da9c44e2f49cd4 (commit)


- Log -
commit 9d9c86fe443afcb8a13a8ae40b91674a6afefcd3
Author: Richard Levitte 
Date:   Tue Nov 17 11:28:23 2020 +0100

release-tools: Separate do-release.pl docs from mkrelease.pl docs

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/74)

---

Summary of changes:
 release-tools/DO-RELEASE.md | 34 ++
 release-tools/MKRELEASE.md  | 35 ---
 release-tools/README.md |  2 +-
 3 files changed, 35 insertions(+), 36 deletions(-)
 create mode 100644 release-tools/DO-RELEASE.md

diff --git a/release-tools/DO-RELEASE.md b/release-tools/DO-RELEASE.md
new file mode 100644
index 000..636d60b
--- /dev/null
+++ b/release-tools/DO-RELEASE.md
@@ -0,0 +1,34 @@
+# Documentation on the do-release script
+
+The do-release.pl script copies distributions from the temporary holding area
+to the http and ftp areas. It it intended to be run as the `openssl` user on
+dev.openssl.org.
+
+It does the following:
+
+1. Copy OpenSSL release files from the holding area to the http and ftp
+   locations: currently /v/openssl/www/source and /v/openssl/ftp/source
+2. Move OpenSSL release files from holding area to ~openssl/dist/old By
+   doing this the script wont try and make a release again with old files.
+3. Mail the release message. This is sent to openssl-project openssl-users
+   and openssl-announce (it needs to be approved in openssl-announce). The
+   subject line is `OpenSSL version xxx released`.
+
+## do-release options
+
+- `--copy`
+  Copy files to http and ftp directories.  **You will have to manually move
+  the OLD files to old/ directories.**
+
+- `--move`
+  Move files from holding area to ~openssl/dist/old
+
+- `--mail`
+  Send out announcement email: if this option is not given, the command you
+  need to call to send the release mail will be printed out.
+
+- `--full-release`
+  Perform all operations for a release (copy, move and mail).
+
+Note: because several of these options are irreversible they have to be
+explicitly included.
diff --git a/release-tools/MKRELEASE.md b/release-tools/MKRELEASE.md
index 3c8c1e4..be9e73e 100644
--- a/release-tools/MKRELEASE.md
+++ b/release-tools/MKRELEASE.md
@@ -136,38 +136,3 @@ For local testing, you can do something like this:
 - `--branch-version=version`
   Use branch `version` instead of the one autodetected for the current branch.
   This option is not normally needed.
-
-# The do-release script
-
-The do-release.pl script copies distributions from the temporary holding area
-to the http and ftp areas. It it intended to be run as the `openssl` user on
-dev.openssl.org.
-
-It does the following:
-
-1. Copy OpenSSL release files from the holding area to the http and ftp
-   locations: currently /v/openssl/www/source and /v/openssl/ftp/source
-2. Move OpenSSL release files from holding area to ~openssl/dist/old By
-   doing this the script wont try and make a release again with old files.
-3. Mail the release message. This is sent to openssl-dev openssl-users and
-   openssl-announce (it needs to be approved in openssl-announce). The
-   subject line is `OpenSSL version xxx released`.
-
-## do-release options
-
-- `--copy`
-  Copy files to http and ftp directories.  **You will have to manually move
-  the OLD files to old/ directories.**
-
-- `--move`
-  Move files from holding area to ~openssl/dist/old
-
-- `--mail`
-  Send out announcement email: if this option is not given, the command you
-  need to call to send the release mail will be printed out.
-
-- `--full-release`
-  Perform all operations for a release (copy, move and mail).
-
-Note: because several of these options are irreversible they have to be
-explicitly included.
diff --git a/release-tools/README.md b/release-tools/README.md
index ad03508..dc18f74 100644
--- a/release-tools/README.md
+++ b/release-tools/README.md
@@ -114,7 +114,7 @@ associated files should be in ~openssl/dist/new.  They 
should be owned by the
 openssl userid and world-readable.
 
 Copy the tarballs to appropriate directories. This can be
-done using the do-release.pl script.  See MKRELEASE.md for a description of
+done using the do-release.pl script.  See DO-RELEASE.md for a description of
 the options. For example:
 
 sudo -u openssl perl ~openssl/do-release.pl --copy --move

[tools] master update

[Richard Levitte]

The branch master has been updated
   via  e1fc98e1c15660ad4d51526cc6da9c44e2f49cd4 (commit)
  from  af3ebdeb6cc591cf92a3790ae091a11bf8da7e9a (commit)


- Log -
commit e1fc98e1c15660ad4d51526cc6da9c44e2f49cd4
Author: Richard Levitte 
Date:   Tue Nov 17 11:53:30 2020 +0100

New releasing instructions, HOWTO-make-a-release.md

README.md in $TOOLS/release-tools/ isn't obvious to discover.  It has
also aged considerably, at least in terms of OpenSSL 3.0, so needs a
serious update.

Co-authored-by: Matthias St. Pierre 

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/75)

---

Summary of changes:
 HOWTO-make-a-release.md| 400 +
 README |   8 +-
 release-tools/mkrelease.pl |   0
 3 files changed, 406 insertions(+), 2 deletions(-)
 create mode 100644 HOWTO-make-a-release.md
 mode change 100644 => 100755 release-tools/mkrelease.pl

diff --git a/HOWTO-make-a-release.md b/HOWTO-make-a-release.md
new file mode 100644
index 000..012256e
--- /dev/null
+++ b/HOWTO-make-a-release.md
@@ -0,0 +1,400 @@
+# HOW TO MAKE A RELEASE
+
+This file documents how to make an OpenSSL release.  Please fix any errors
+you find while doing, or just after, your next release!
+
+Releases are done by one person, with a second person acting as the reviewer
+and additional tester.
+
+# Table of contents
+
+-   [Prerequisites](#prerequisites)
+-   [Software](#software)
+-   [Repositories](#repositories)
+-   [PGP / GnuPG key](#pgp-gnupg-key)
+-   [SSH access](#check-your-access)
+-   [A method for reviewing](#a-way-to-reviewing)
+-   [Pre-publishing tasks](#pre-publishing-tasks)
+-   [Freeze the source repository](#freeze-the-source-repository) [the day 
before release]
+-   [Prepare your repository checkouts](#prepare-your-repository-checkouts)
+-   [Make sure that the openssl source is up to 
date](#make-sure-that-the-openssl-source-is-up-to-date)
+-   [Generate the tarball and announcement 
text](#generating-the-tarball-and-announcement-text)
+-   [OpenSSL 3.0 and on](#openssl-3.0-and-on)
+-   [OpenSSL before 3.0](#openssl-before-3.0)
+-   [Update the website locally](#update-the-website-locally) [do not push]
+-   [Publish the release](#publish-the-release)
+-   [Post-publishing tasks](#post-publishing-tasks)
+-   [Check the website](#check-the-website)
+-   [Send the announcement mail](#send-the-announcement-mail)
+-   [Send out the Security Advisory](#send-out-the-security-advisory)
+-   [Unfreeze the source repository](#unfreeze-the-source-repository)
+-   [Security fixes](#security-fixes)
+-   [Keep in touch](#keep-in-touch)
+
+
+# Prerequisites
+
+## Software
+
+Apart from the basic operating system utilities, you must have the following
+programs in you `$PATH`:
+
+- openssl
+- ssh
+- gpg
+- git
+
+(note: this may not be a complete list)
+
+## Repositories
+
+You must have access to the following repositories:
+
+-   `openssl-...@git.openssl.org:openssl.git`
+
+This is the usual main source repository
+
+-   `openssl-...@git.openssl.org:openssl-web.git`
+
+This is the website repository
+
+-   `openssl-...@git.openssl.org:tools.git`
+
+This contains certain common tools
+
+## PGP / GnuPG key
+
+You must have a PGP / GnuPG key, and its fingerprint should be present in
+the file `doc/fingerprints.txt` in the source of the immediately prior
+OpenSSL release.
+
+## SSH access
+
+To perform a release, you must have appropriate access to OpenSSL's
+development host, dev.openssl.org.  To test this, try to log in with ssh:
+
+ssh dev.openssl.org
+
+You must also check that you can perform tasks as the user 'openssl' on
+dev.openssl.org.  When you have successfully logged in, test your access to
+that user with sudo:
+
+sudo -u openssl id
+
+## A method for reviewing
+
+For reviewing to take place, the release person and the reviewer need a way
+to share changes that are being applied.  Most commonly, that's done as PRs
+(for normal releases) or security advisories (for undisclosed security
+fixes) through Github.
+
+Security advisories are created using the Github Security tab, and will
+generate a private repository, to which you can add collaborators (the
+reviewer, for instance), and use it to fix the issue via pull requests.
+For more information, please read Github's [creating a security advisory],
+including the "Next Steps" at the end of that page.
+
+[creating a security advisory]:
+
+
+The release person and the reviewer are allowed to use other means to share
+the commits to be reviewed if they desire.
+
+The release person and the 

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  af3ebdeb6cc591cf92a3790ae091a11bf8da7e9a (commit)
  from  bd6c6f78c080744a0092f04c04b7a38121ddcff3 (commit)


- Log -
commit af3ebdeb6cc591cf92a3790ae091a11bf8da7e9a
Author: Pauli 
Date:   Wed Feb 10 22:09:19 2021 +1000

Add a run-checker job that uses the no-cached-fetch option.

This cannot be merged until after #14126 is.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/82)

---

Summary of changes:
 run-checker/run-checker.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index 441fc60..05d6332 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -43,7 +43,7 @@ enable-unit-test no-whirlpool enable-weak-ssl-ciphers 
enable-zlib
 enable-zlib-dynamic 386 no-dtls no-tls no-ssl3 no-tls1 no-tls1_1 no-tls1_2
 no-dtls1 no-dtls1_2 no-ssl3-method no-tls1-method no-tls1_1-method
 no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 no-sm2
-no-sm3 no-sm4 enable-trace no-legacy)
+no-sm3 no-sm4 enable-trace no-legacy no-cached-fetch)
 
 run-hook () {
 local hookname=$1; shift
@@ -119,6 +119,8 @@ if run-hook prepare; then
 #The gost engine uses some deprecated symbols so we don't use it
 #in a no-deprecated build
 gost_engine=""
+elif [ "$opt" == "no-cached-fetch" ]; then
+expandedopts="no-cached-fetch enable-asan enable-ubsan"
 fi
 
 if [ -z "$opt" ]; then

[tools] master update

[tmraz]

The branch master has been updated
   via  bd6c6f78c080744a0092f04c04b7a38121ddcff3 (commit)
  from  51ba5bc2c18780f94136c71800afc3cf8fd32d40 (commit)


- Log -
commit bd6c6f78c080744a0092f04c04b7a38121ddcff3
Author: Tomas Mraz 
Date:   Thu Jan 7 10:01:04 2021 +0100

addrev: Silence the git filter-branch warning message

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/tools/pull/81)

---

Summary of changes:
 review-tools/addrev | 1 +
 1 file changed, 1 insertion(+)

diff --git a/review-tools/addrev b/review-tools/addrev
index aa5215a..8f28b02 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -82,6 +82,7 @@ if ($useself) {
 }
 
 my $err = "/tmp/addrev$$";
+$ENV{FILTER_BRANCH_SQUELCH_WARNING} = 1;
 system("git filter-branch -f --tag-name-filter cat --msg-filter \"gitaddrev 
$args\" $filterargs || (echo addrev failed; exit 1)");
 die if $?;
 

[tools] master update

[tmraz]

The branch master has been updated
   via  51ba5bc2c18780f94136c71800afc3cf8fd32d40 (commit)
  from  6305ba8fded75d8dcc410caae0a22c712228b721 (commit)


- Log -
commit 51ba5bc2c18780f94136c71800afc3cf8fd32d40
Author: Tomas Mraz 
Date:   Tue Dec 8 16:51:04 2020 +0100

ghmerge: Pass --tools and --web to addrev

Reviewed-by: Paul Dale 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/tools/pull/80)

---

Summary of changes:
 review-tools/ghmerge | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index 02ab06e..06f6bfa 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -28,7 +28,7 @@ Examples:
 
 set -o errexit
 
-WHAT=openssl
+WHAT=""
 PICK=no
 INTERACTIVE=yes
 AUTOSQUASH="--autosquash"
@@ -116,6 +116,12 @@ while [ $# -ne 0 ]; do
 ;;
 esac
 done
+
+if [ "$WHAT" = "" ] ; then
+WHAT="openssl"
+else
+ADDREVOPTS="$ADDREVOPTS --$WHAT"
+fi
 ADDREVOPTS=${ADDREVOPTS# } # chop any leading ' '
 
 [ "$REMOTE" = "" ] && REMOTE=`git remote -v | awk '/git.openssl.org.*(push)/{ 
print $1; }' | head -n 1` # usually this will be 'upstream'

[tools] master update

[Matt Caswell]

The branch master has been updated
   via  6305ba8fded75d8dcc410caae0a22c712228b721 (commit)
  from  7f0c30333ce9b6a8101c8aa01a8156c014182c16 (commit)


- Log -
commit 6305ba8fded75d8dcc410caae0a22c712228b721
Author: Matt Caswell 
Date:   Wed Dec 2 13:32:58 2020 +

Add a check for no-legacy to run-checker

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/78)

---

Summary of changes:
 run-checker/run-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index 19849cd..441fc60 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -43,7 +43,7 @@ enable-unit-test no-whirlpool enable-weak-ssl-ciphers 
enable-zlib
 enable-zlib-dynamic 386 no-dtls no-tls no-ssl3 no-tls1 no-tls1_1 no-tls1_2
 no-dtls1 no-dtls1_2 no-ssl3-method no-tls1-method no-tls1_1-method
 no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 no-sm2
-no-sm3 no-sm4 enable-trace )
+no-sm3 no-sm4 enable-trace no-legacy)
 
 run-hook () {
 local hookname=$1; shift

[tools] master update

[tmraz]

The branch master has been updated
   via  7f0c30333ce9b6a8101c8aa01a8156c014182c16 (commit)
   via  67906aa38534940c02c1d4182bd981cc9e7801de (commit)
   via  f9bb1cac3f600a78d1b00770879aa7a6d5f133e2 (commit)
   via  4ed0a292ebf9c293f051a4f8b00280f3e7ad2717 (commit)
   via  3953ec2fe13961d35bd577c381a0680701c8bcbe (commit)
  from  96a195347859112c1520d1ef84690ec3109f1f49 (commit)


- Log -
commit 7f0c30333ce9b6a8101c8aa01a8156c014182c16
Author: Dr. David von Oheimb 
Date:   Thu Dec 3 13:59:25 2020 +0100

addrev: Remove tabs by space chars

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/79)

commit 67906aa38534940c02c1d4182bd981cc9e7801de
Author: Dr. David von Oheimb 
Date:   Thu Dec 3 12:55:19 2020 +0100

addrev: Fix regression on parsing bare prnum; correct help output

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/79)

commit f9bb1cac3f600a78d1b00770879aa7a6d5f133e2
Author: Dr. David von Oheimb 
Date:   Wed Dec 2 17:22:14 2020 +0100

ghmerge: Make pulling the latest REMOTE/REF work als for non-default REF

This avoids potential git errors such as:

You asked to pull from the remote 'upstream', but did not specify
a branch. Because this is not the default configured remote
for your current branch, you must specify a branch on the command line.

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/79)

commit 4ed0a292ebf9c293f051a4f8b00280f3e7ad2717
Author: Dr. David von Oheimb 
Date:   Thu Nov 19 11:21:04 2020 +0100

ghmerge: improve doc of --remote and --ref options

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/79)

commit 3953ec2fe13961d35bd577c381a0680701c8bcbe
Author: Dr. David von Oheimb 
Date:   Thu Nov 19 10:35:28 2020 +0100

addrev: re-enable use of singe-character review names

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/79)

---

Summary of changes:
 review-tools/addrev  | 52 +---
 review-tools/ghmerge | 13 +++--
 2 files changed, 32 insertions(+), 33 deletions(-)

diff --git a/review-tools/addrev b/review-tools/addrev
index 473ad46..aa5215a 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -14,9 +14,12 @@ my $useself = 1;
 my $my_email;
 
 foreach (@ARGV) {
-if (/^\@.+$/) {
+if (/^(--prnum=)?(\d{1,6}+)$/) {
+$args .= "--prnum=$2 ";
+$haveprnum = 1;
+} elsif (/^\@.+$/) {
 $args .= "--reviewer=$_ ";
-} elsif (/^\w[-\w]+$/) {
+} elsif (/^\w[-\w]*$/) {
 if (/^[0-9a-f]{7,}+/) {
 print "Warning: overriding previous filter args $filterargs\n" if 
$filterargs ne "";
 $filterargs = $_;
@@ -40,21 +43,18 @@ foreach (@ARGV) {
 } elsif (/^--myemail=(.+)$/) {
 $my_email = $1;
 } elsif (/^--nopr$/) {
-   $haveprnum = 1;
-} elsif (/^(--prnum=)?(\d+)$/) {
-$args .= "--prnum=$2 ";
-   $haveprnum = 1;
+$haveprnum = 1;
 } elsif (/^--commit=(.+)$/) {
 $args .= "--commit=$1 ";
 } elsif (/^-(\d+)$/) {
 print "Warning: overriding previous filter args $filterargs\n" if 
$filterargs ne "";
 $filterargs = "HEAD~$1..";
 } elsif (/^--list$/) {
-   $list_reviewers = 1;
-   last;
+$list_reviewers = 1;
+last;
 } elsif (/^--help$/ || /^-h$/) {
-   $help = 1;
-   last;
+$help = 1;
+last;
 } else {
 print "Warning: overriding previous filter args $filterargs\n" if 
$filterargs ne "";
 $filterargs = $_;
@@ -91,20 +91,18 @@ usage: addrev args...
 
 option style arguments:
 
---help Print this help and exit
---list List the known reviewers and exit (discards all other
-   arguments)
---verbose  Be a bit more verbose
---trivial  Do not require a CLA
---reviewer=  A reviewer to be added on a Reviewed-by: line
---rmreviewers  Remove all existing Reviewed-by: lines before adding
-   reviewers
---commit=  Only apply to commit 
---myemail=  Set email address.  Defaults to the result from
-   git configuration setting user.email
---nopr Do not require a PR number
-[--prnum=]NNN   Add a reference to GitHub pull request NNN
--   Change the last  commits.  Defaults to 1
+--help Print this help and exit
+--list List the known reviewers and exit (discards all other 
arguments)
+--verbose  Be 

[tools] master update

[Matt Caswell]

The branch master has been updated
   via  96a195347859112c1520d1ef84690ec3109f1f49 (commit)
  from  dbd9a8a187e3ab8c59e41f957ba1135c364d231c (commit)


- Log -
commit 96a195347859112c1520d1ef84690ec3109f1f49
Author: Matt Caswell 
Date:   Tue Dec 1 14:49:50 2020 +

Ensure sanitizer builds use no-asm

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/77)

---

Summary of changes:
 run-checker/run-checker.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index 643128d..19849cd 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -99,12 +99,12 @@ if run-hook prepare; then
 
 if [ "$opt" == "enable-asan" ]; then
 # A documented requirement for enable-asan is no-shared
-expandedopts="enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT"
+expandedopts="enable-asan no-shared no-asm 
-DOPENSSL_SMALL_FOOTPRINT"
 elif [ "$opt" == "enable-ubsan" ]; then
 # We've seen it on Travis already, ubsan requires -DPEDANTIC and
 # -fno-sanitize=alignment, or crypto/modes will fail to build in
 # some circumstances.  Running on a VM seems to be one of them.
-expandedopts="enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT 
-fno-sanitize=alignment"
+expandedopts="enable-ubsan no-asm -DPEDANTIC 
-DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment"
 elif [ "$opt" == "enable-fuzz-afl" ]; then
 warnopts=""
 optcc=afl-clang-fast 

[tools] master update

[tmraz]

The branch master has been updated
   via  dbd9a8a187e3ab8c59e41f957ba1135c364d231c (commit)
  from  a14edd05a9d088aea1e377e665da25b71a799e24 (commit)


- Log -
commit dbd9a8a187e3ab8c59e41f957ba1135c364d231c
Author: Tomas Mraz 
Date:   Wed Nov 18 16:48:48 2020 +0100

Fix regression from latest addrev change

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/76)

---

Summary of changes:
 review-tools/addrev | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/review-tools/addrev b/review-tools/addrev
index 5221500..473ad46 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -16,7 +16,7 @@ my $my_email;
 foreach (@ARGV) {
 if (/^\@.+$/) {
 $args .= "--reviewer=$_ ";
-} elsif (/^[-\w]+$/) {
+} elsif (/^\w[-\w]+$/) {
 if (/^[0-9a-f]{7,}+/) {
 print "Warning: overriding previous filter args $filterargs\n" if 
$filterargs ne "";
 $filterargs = $_;

[tools] master update

[Matt Caswell]

The branch master has been updated
   via  a14edd05a9d088aea1e377e665da25b71a799e24 (commit)
  from  0cce4862d4ea91d81b6ebcfdc3106d1331f2f291 (commit)


- Log -
commit a14edd05a9d088aea1e377e665da25b71a799e24
Author: Matt Caswell 
Date:   Tue Apr 21 15:29:24 2020 +0100

Add a note about closing the github advisory

If we've used a private github fork then we should close the advisory
and fork after the release is done.

Reviewed-by: Mark J. Cox 
(Merged from https://github.com/openssl/tools/pull/65)

---

Summary of changes:
 release-tools/README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/release-tools/README.md b/release-tools/README.md
index af2b78f..ad03508 100644
--- a/release-tools/README.md
+++ b/release-tools/README.md
@@ -223,6 +223,9 @@ Unfreeze the repository.
 If this release includes security fixes with a CVE then you should inform
 MITRE about them. See the instructions at the top of cvepool.txt in omc.
 
+Close the github advisory without pushing to github and remove the private
+github fork if there was one.
+
 Check mailing lists over the next few hours for reports of any success
 or failure. If necessary fix these and in the worst case make another
 release.

[tools] master update

[Richard Levitte]

The branch master has been updated
   via  0cce4862d4ea91d81b6ebcfdc3106d1331f2f291 (commit)
  from  cbcbecab06afa0d3189153d0189556a494ec7397 (commit)


- Log -
commit 0cce4862d4ea91d81b6ebcfdc3106d1331f2f291
Author: Nicola Tuveri 
Date:   Thu Jul 2 17:25:56 2020 +0300

[run-checker]: default to 4 parallel test jobs

 added support for
running the tests in parallel. The default is still to run them
sequentially.

This alters run-checker so that it defaults to 4 test jobs in parallel,
which seems a safe assumption given we are already using 4 building
jobs.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/71)

---

Summary of changes:
 run-checker/run-checker.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index 2617914..643128d 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -185,8 +185,9 @@ if run-hook prepare; then
 rkill SIGKILL $testpid $BASHPID
 ) 2> /dev/null &
 
+# If not set to another value, default to 4 test jobs
 echo "  make test"
-OPENSSL_GOST_ENGINE_SO="$gost_engine" log-exec make 
test>>build.log 2>&1
+HARNESS_JOBS=${HARNESS_JOBS:-4} 
OPENSSL_GOST_ENGINE_SO="$gost_engine" log-exec make test >>build.log 2>&1
 )
 ); then
 echo "  PASS"

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  cbcbecab06afa0d3189153d0189556a494ec7397 (commit)
   via  3fc412099f1cb8715d53573927a21b0285cab431 (commit)
   via  55833dbceeca7f9a362b6c17ae8573aad3f2449e (commit)
   via  2b6037ffb38fb570c3c549380c817d7ddc02019d (commit)
   via  bba96aea70e34ede6207d385a4d2fac9bbd0484f (commit)
   via  c2ee3847c39b64c9db85ccd0ef57d480377b58a8 (commit)
   via  ff0730a5f63fad755ded50f93c0695ede14f52b5 (commit)
   via  fb12734b783b8fc960a30e9e45e1f83c0dc382f5 (commit)
   via  298a2fff2eb559f59cce2581a5bc9c01528df8bb (commit)
   via  97a10ae6e3f0067a5fc764d99f90422539499090 (commit)
   via  b853c16f7ab05ddef8868826ca79360d68c5a5be (commit)
   via  f083502396430ece48fbc16f4576f9a810834a0d (commit)
   via  0ad6ea00ee84d84a595867e667d01c392432a74b (commit)
   via  4737a26009ca5f05e0a73ee64c9eb5389de5b0b1 (commit)
   via  3c304bd9b7e5342d29b34579268523582acc8064 (commit)
   via  f4550d08e2e19c6c49814f4d31d945e317e50a5b (commit)
  from  b6beff129e2cd4c74a75cfd367056c7d8e9b1517 (commit)


- Log -
commit cbcbecab06afa0d3189153d0189556a494ec7397
Author: Dr. David von Oheimb 
Date:   Sat Nov 14 15:41:58 2020 +0100

ghmerge: Add --help option and significantly extend usage hints (describing 
options)

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit 3fc412099f1cb8715d53573927a21b0285cab431
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 13:32:17 2020 +0200

ghmerge: Rename variable 'REL' to more telling 'REF'

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit 55833dbceeca7f9a362b6c17ae8573aad3f2449e
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 13:11:28 2020 +0200

ghmerge: Add --cherry-pick option (as alternative to rebase)

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit 2b6037ffb38fb570c3c549380c817d7ddc02019d
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 13:09:35 2020 +0200

ghmerge: Remove redundant and error-prone 2nd rebase on current ref

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit bba96aea70e34ede6207d385a4d2fac9bbd0484f
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 13:02:29 2020 +0200

ghmerge: Unify behavior on error in CLI arguments and improve usage output

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit c2ee3847c39b64c9db85ccd0ef57d480377b58a8
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 13:29:41 2020 +0200

ghmerge: Make sure that on build error all error output is shown and then 
the tool exits

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit ff0730a5f63fad755ded50f93c0695ede14f52b5
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 15:29:01 2020 +0200

ghmerge: Move adaptation of CC variable and improve the comment about it

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit fb12734b783b8fc960a30e9e45e1f83c0dc382f5
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 15:38:58 2020 +0200

ghmerge: Automatically detect remote only if not explicitly given as option

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit 298a2fff2eb559f59cce2581a5bc9c01528df8bb
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 12:46:32 2020 +0200

ghmerge: Improve flexibility providing reviewer names vs. commit refs 
(gitaddrev filter args)

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit 97a10ae6e3f0067a5fc764d99f90422539499090
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 15:52:16 2020 +0200

ghmerge: Rename WORK branch that reflects the changes done by the PR

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit b853c16f7ab05ddef8868826ca79360d68c5a5be
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 09:43:00 2020 +0200

ghmerge: Add --ref option to checkout given reference at first

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit f083502396430ece48fbc16f4576f9a810834a0d
Author: Dr. David von Oheimb 
Date:   Thu Oct 8 09:41:26 2020 +0200

ghmerge: Remove unused variable PREV

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/72)

commit 0ad6ea00ee84d84a595867e667d01c392432a74b

[tools] master update

[Richard Levitte]

The branch master has been updated
   via  b6beff129e2cd4c74a75cfd367056c7d8e9b1517 (commit)
  from  e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498 (commit)


- Log -
commit b6beff129e2cd4c74a75cfd367056c7d8e9b1517
Author: Richard Levitte 
Date:   Fri Nov 13 14:34:39 2020 +0100

release-tools/MKRELEASE.md: Add a note on suitability for OpenSSL 3.0

These release tools are not suitable for OpenSSL 3.0 and on, so we add
a note saying so.  release-tools/README.md will need to be retrofitted
for the release method used with OpenSSL 3.0.

Reviewed-by: Matt Caswell 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/tools/pull/73)

---

Summary of changes:
 release-tools/MKRELEASE.md | 5 +
 1 file changed, 5 insertions(+)

diff --git a/release-tools/MKRELEASE.md b/release-tools/MKRELEASE.md
index 04d6dc7..3c8c1e4 100644
--- a/release-tools/MKRELEASE.md
+++ b/release-tools/MKRELEASE.md
@@ -1,5 +1,10 @@
 # Documentation on the mkrelease.pl script
 
+**NOTE**: this script is unsuitable for OpenSSL 3.0 and on.  Instead, use
+the `dev/release.sh` script found in the source.  That script has a built
+in manual; `dev/release.sh --help` gives a quick usage summary, while
+`dev/release.sh --manual` displays a man-page.
+
 This file provides an overview of the mkrelease.pl script, and how to
 configure some of its parameters (by setting environment variables).
 It is normally run by following the process in README.md and should be

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498 (commit)
   via  7f6a58bcc6ac8e06770d17be5ec24dd27fdc691b (commit)
  from  ff67949521c929a243309f8a983b14a129820b0f (commit)


- Log -
commit e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498
Author: Pauli 
Date:   Tue Jun 9 11:48:49 2020 +1000

NIST DRBG test vector data file.  Current 2020-06-09.
Vectors are from:

https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/68)

commit 7f6a58bcc6ac8e06770d17be5ec24dd27fdc691b
Author: Pauli 
Date:   Tue Jun 9 11:46:59 2020 +1000

rand-drbg: Add conversion script to create data for DRBG testing.

NIST's DRBG test data set isn't ideal for evp_test to process.  This script
massages the data into a format which is more suitable.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/68)

---

Summary of changes:
 nist-conversion/README.md   |  10 +++
 nist-conversion/convert_nist_drbg_test_data.lua |  88 
 nist-conversion/drbgtestvectors.zip | Bin 0 -> 13682977 bytes
 3 files changed, 98 insertions(+)
 create mode 100644 nist-conversion/README.md
 create mode 100755 nist-conversion/convert_nist_drbg_test_data.lua
 create mode 100644 nist-conversion/drbgtestvectors.zip

diff --git a/nist-conversion/README.md b/nist-conversion/README.md
new file mode 100644
index 000..5d3d8bd
--- /dev/null
+++ b/nist-conversion/README.md
@@ -0,0 +1,10 @@
+This directory contains tools that are used to convert between NIST supplied
+test data sets and internal formats.
+
+The `convert_nist_drbg_test_data.lua` script converts the
+[NIST DRBG test data]: 
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
+to a format suitable for use in evp_test.
+
+The `drbgtestvectors.zip` file contains the DRGB test vectors that the
+`convert_nist_drbg_test_data.lua` script converted for the current OpenSSL
+source repository.
diff --git a/nist-conversion/convert_nist_drbg_test_data.lua 
b/nist-conversion/convert_nist_drbg_test_data.lua
new file mode 100755
index 000..be7fe4b
--- /dev/null
+++ b/nist-conversion/convert_nist_drbg_test_data.lua
@@ -0,0 +1,88 @@
+#!/usr/bin/env lua
+
+--[[
+A script to convert NIST DRBG test data into a format that evp_test can use.
+
+After unpacking the NIST DRBG test data found at:
+
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
+
+Each of the nine test files needs to be run through this script.  The files are
+three set of three corresponding to the no reseeding, no prediction resistance
+and the prediction resistance suites.  Each trio should be processed:
+
+./convert_nist_drbg_test_data < CTR_DRBG.rsp >>evprand.txt
+./convert_nist_drbg_test_data < Hash_DRBG.rsp >>evprand.txt
+./convert_nist_drbg_test_data mac < HMAC_DRBG.rsp >>evprand.txt
+
+It is advisable to also include title lines between each of the test suites.
+
+--]]
+
+local hname = (arg[1] and arg[1]:find('mac')) and 'HMAC-DRBG' or 'HASH-DRBG'
+
+local state = 'skip'
+local index
+local remap = {
+ReturnedBits = 'Count',
+EntropyInput = 'Entropy',
+PersonalizationString = 'PersonalisationString',
+ReturnedBits = 'Output',
+EntropyInputPR = 'EntropyPredictionResistance',
+EntropyInputReseed = 'ReseedEntropy',
+AdditionalInputReseed = 'ReseedAdditionalInput',
+}
+
+for line in io.lines() do
+line = line:gsub(string.char(13), '')
+if line:len() > 1 and line:sub(1,1) ~= '#' then
+if line:sub(1,1) ==  '[' then
+if state == 'body' or state == 'skip' then
+index = 0
+addin = string.byte('A') - 1
+if line:find 'AES' then
+state = 'header'
+print ''
+print 'RAND = CTR-DRBG'
+if line:find 'no df' then
+print 'Availablein = default'
+end
+print('Cipher = ' .. line:sub(2):gsub('%s.*', '') .. 
'-CTR')
+if line:find 'use df' then
+print 'DerivationFunction = 1'
+end
+elseif line:find 'SHA' then
+state = 'header'
+print ''
+print('RAND = ' .. hname)
+print('Digest = ' .. line:gsub('[][]', ''))
+else
+state = 'skip'
+end
+end
+if state ~= 'skip' and line:find 'PredictionResistance' 

[tools] master update

[tmraz]

The branch master has been updated
   via  ff67949521c929a243309f8a983b14a129820b0f (commit)
   via  4bb402fbae5a9c7e48b8f205f035e3d181b4b22f (commit)
   via  c64d64ed24edb03457ca343a9197f5b221990112 (commit)
   via  da999bb4be744046be67944c6f14052810f742f8 (commit)
   via  3d59254cb7aac3427c89f7305995a7e59a8e0a5a (commit)
   via  6da33b651e1dedf576bb454f2dbe56b6ed6b5fef (commit)
  from  3a3d8929cfab681d3807983a584fb4d7042df4b2 (commit)


- Log -
commit ff67949521c929a243309f8a983b14a129820b0f
Author: Dr. David von Oheimb 
Date:   Wed Jun 10 11:35:23 2020 +0200

Simplify and generalize passing of addrev flags via ghmerge

commit 4bb402fbae5a9c7e48b8f205f035e3d181b4b22f
Author: Dr. David von Oheimb 
Date:   Wed Jun 10 11:34:11 2020 +0200

Add usage/doc/help text on --trivial option of 'addrev'

commit c64d64ed24edb03457ca343a9197f5b221990112
Author: Dr. David von Oheimb 
Date:   Sat Jun 6 20:27:02 2020 +0200

Make opensslbuild faster by adding -j4 option to 'make test'

commit da999bb4be744046be67944c6f14052810f742f8
Author: Dr. David von Oheimb 
Date:   Sat Jun 6 20:25:59 2020 +0200

Slightly improve user interaction of ghmerge

commit 3d59254cb7aac3427c89f7305995a7e59a8e0a5a
Author: Dr. David von Oheimb 
Date:   Mon May 25 21:10:54 2020 +0200

Improve author matching for skipping author in list of reviewers in 
gitaddrev

commit 6da33b651e1dedf576bb454f2dbe56b6ed6b5fef
Author: Dr. David von Oheimb 
Date:   Mon May 25 21:09:48 2020 +0200

Add check of REMOTE and --verbose option to ghmerge

---

Summary of changes:
 review-tools/addrev   |  7 ---
 review-tools/ghmerge  | 32 +---
 review-tools/gitaddrev| 17 +
 review-tools/opensslbuild |  4 ++--
 4 files changed, 32 insertions(+), 28 deletions(-)

diff --git a/review-tools/addrev b/review-tools/addrev
index 24032e7..5617199 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -85,15 +85,16 @@ option style arguments:
 --list List the known reviewers and exit (discards all other
arguments)
 --verbose  Be a bit more verbose
+--trivial  Do not require a CLA
 --reviewer=  A reviewer to be added on a Reviewed-by: line
 --rmreviewers  Remove all existing Reviewed-by: lines before adding
reviewers
 --commit=  Only apply to commit 
 --myemail=  Set email address.  Defaults to the result from
-   git configuration setting user.email.
---nopr Do not requre a PR number.
+   git configuration setting user.email
+--nopr Do not require a PR number
 [--prnum=]NNN   Add a reference to GitHub pull request NNN
--   Change the last  commits.  Defaults to 1.
+-   Change the last  commits.  Defaults to 1
 
 non-option style arguments can be:
 
diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index d2da9e6..9c8a903 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -4,17 +4,21 @@ set -o errexit
 
 WHAT=openssl
 BUILD=yes
-TRIVIAL=""
 INTERACTIVE=yes
 AUTOSQUASH="--autosquash"
 [ -z ${CC+x} ] && CC="ccache gcc" # the default otherwise is "ccache clang-3.6"
 REMOTE=`git remote -v | awk '/git.openssl.org.*(push)/{ print $1; }' | head -n 
1`
+if [ "$REMOTE" = "" ] ; then
+echo Cannot find remote git.openssl.org
+exit 1
+fi
 
 if [ ! -d .git ] ; then
 echo Not at top-level
 exit 1
 fi
 
+ADDREVOPTS=""
 # Parse JCL.
 while true ; do
 case "$1" in
@@ -24,9 +28,6 @@ while true ; do
 --web)
 WHAT=web ; BUILD=no ; shift
 ;;
---trivial)
-TRIVIAL="--trivial" ; shift
-;;
 --noautosquash)
 AUTOSQUASH="" ; shift
 ;;
@@ -47,9 +48,10 @@ while true ; do
 shift
 break
 ;;
--*)
-echo "$0: Unknown flag $1"
-exit 1
+-*) # e.g., --verbose, --trivial, --myemail=...
+ADDREVOPTS="$ADDREVOPTS $1"
+shift
+break
 ;;
 *)
 break
@@ -58,7 +60,7 @@ while true ; do
 done
 
 if [ $# -lt 2 ] ; then
-echo "Usage: $0 [flags] prnum reviewer..."
+echo "Usage: $0 [flags, including addrev flags] prnum reviewer..."
 exit 1
 fi
 PRNUM=$1 ; shift
@@ -89,14 +91,14 @@ REL=`git rev-parse --abbrev-ref HEAD`
 WORK="${WHO}-${BRANCH}"
 PREV=
 
-echo -n "Press Enter to pull the latest $REL from $REMOTE: "; read foo
+echo -n "Press Enter to pull the latest branch '$REL' from $REMOTE: "; read foo
 git pull $REMOTE $REL
 
 function cleanup {
 if [ "$WORK" != "$REL" ]; then
 git checkout -q $REL
 git branch -D $WORK
-git reset --hard $REMOTE/$REL
+git reset --hard $REMOTE/$REL # prune any leftover commits added 
locally
 fi
 }
 

[tools] master update

[Richard Levitte]

The branch master has been updated
   via  3a3d8929cfab681d3807983a584fb4d7042df4b2 (commit)
   via  0d8b3195d26d3382e4580633b49e0626225dfdad (commit)
  from  ed754fa33f1d80887e953a9cd849752d41775401 (commit)


- Log -
commit 3a3d8929cfab681d3807983a584fb4d7042df4b2
Author: Richard Levitte 
Date:   Thu Apr 23 12:23:34 2020 +0200

Move release-tools/do-release.pl to omc-tools

This is an infrastructure tool rather than a developer tool.

commit 0d8b3195d26d3382e4580633b49e0626225dfdad
Author: Richard Levitte 
Date:   Thu Apr 23 11:26:23 2020 +0200

Move a set of directories to omc-tools, as per vote concluded 2020-03-04

These directories are moved:

OpenSSL-Query
QueryApp
clacheck
github-approve-label-workflow
license
reports

---

Summary of changes:
 OpenSSL-Query/MANIFEST |  10 -
 OpenSSL-Query/Makefile.PL  |  44 -
 OpenSSL-Query/README.md|  70 ---
 OpenSSL-Query/lib/OpenSSL/Query.pm | 151 ---
 OpenSSL-Query/lib/OpenSSL/Query/ClaREST.pm |  44 -
 OpenSSL-Query/lib/OpenSSL/Query/PersonREST.pm  | 125 
 OpenSSL-Query/lib/OpenSSL/Query/REST.pm|  15 --
 OpenSSL-Query/t/00-load.t  |  13 --
 OpenSSL-Query/t/query.t| 140 --
 QueryApp/MANIFEST  |  13 --
 QueryApp/Makefile.PL   |  42 
 QueryApp/README.md |  82 
 QueryApp/RESTAPI.txt   |  50 -
 QueryApp/bin/query.psgi| 161 
 QueryApp/lib/OpenSSL/Query/ClaDB.pm|  60 --
 QueryApp/lib/OpenSSL/Query/DB.pm   |  15 --
 QueryApp/lib/OpenSSL/Query/PersonDB.pm | 118 
 QueryApp/lib/OpenSSL/Query/Role/OMC.pm |  37 
 QueryApp/public/dispatch.cgi   |  22 ---
 QueryApp/public/dispatch.fcgi  |  22 ---
 QueryApp/t/query.t | 176 -
 QueryApp/t/query_data/cdb.txt  |   1 -
 QueryApp/t/query_data/pdb.yaml |  19 --
 QueryApp/t/query_direct.t  | 137 -
 clacheck/README|  14 --
 clacheck/clacheck.py   | 113 ---
 github-approve-label-workflow/README.md|  20 --
 .../github-approve-label-workflow.py   | 171 
 license/.htaccess  |   5 -
 license/README |  30 ---
 license/add-counts |  41 
 license/add-lastchance |  92 -
 license/approved   |  55 --
 license/cgi-bin/authors.py |  90 -
 license/cgi-bin/lookup.py  |  98 --
 license/cgi-bin/receive-reply.py   |  72 ---
 license/cgi-bin/reply.py   |  73 ---
 license/cgi-bin/search.py  | 101 --
 license/cgi-bin/send-email.py  | 113 ---
 license/createdb   |  96 -
 license/devteam.py |  25 ---
 license/finduser   |  53 -
 license/get-authors|  35 
 license/get-followups  |  53 -
 license/get-summary|  48 -
 license/git-import | 127 
 license/git-import-all |   7 -
 license/index.html |  72 ---
 license/mailuser   |  87 -
 license/request-approval.txt   |  40 
 license/rmcommit   |  52 -
 license/rmuser |  23 ---
 license/style.css  |  17 --
 license/whattoremove   |  58 --
 release-tools/do-release.pl| 214 -
 reports/.gitignore |  13 --
 reports/LICENSE| 201 ---
 reports/Makefile   |  93 -
 reports/README |   3 -
 reports/bugs2csv.py|  89 -
 reports/ghstats|  26 ---
 reports/makereport  

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  ed754fa33f1d80887e953a9cd849752d41775401 (commit)
  from  dddec86b763599974ef6f07036b51ee5b3946067 (commit)


- Log -
commit ed754fa33f1d80887e953a9cd849752d41775401
Author: Dr. David von Oheimb 
Date:   Fri Feb 28 13:02:20 2020 +1000

make addrev exit with 1 in case of failure

improve hint on using --prnum=... in review-tools/addrev

Various tweaks to make ghmerge more usable

- make gcc (rather than clang-3.6) the default for rebuilding
- take the (SSH version of the) repo URL from the database
- add 'git pull' to get the latest state of the master
- add '-i --autosquash' to 'git rebase' and move it before addrev
- make '--nomerge' (which means interactive rebase) the default
- show the log of the commits be pushed (after addrev is called)
- print some more (and slightly improved) info what is going on
- tweak the safety questions being asked

extend and update documentation of addrev etc. in review-tools/README

add info on HTTPS transfer done by (git)addrev and ghmerge
also on use of 'https_proxy' and 'no_proxy' env variables

* extend general description
* make clear that ghmerge calls addrev
* add description of the ghmerge options

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/59)

---

Summary of changes:
 review-tools/README | 66 -
 review-tools/addrev | 12 ---
 review-tools/ghmerge| 80 -
 review-tools/pick-to-branch |  4 +--
 4 files changed, 118 insertions(+), 44 deletions(-)

diff --git a/review-tools/README b/review-tools/README
index 83f7802..3e38c8a 100644
--- a/review-tools/README
+++ b/review-tools/README
@@ -11,7 +11,10 @@ the QueryApp libraries as well.
 Environment
 ===
 
-Some of the scripts use the information REST API on https://api.openssl.org.
+Some of the scripts use the information REST API on https://api.openssl.org
+while ghmerge also uses https://api.github.com.
+The environment variables 'https_proxy' and 'no_proxy' can be used.
+
 If you have direct access to the databases and want to use that instead, set
 the environment variable OMC to the directory where they are located.
 
@@ -38,12 +41,16 @@ IDs prefixed with a @, or known email addresses if given 
with --reviewer.
 
 Run 'addrev --list' to ge a list of known reviewer names.
 
+The tool accesses databases on api.openssl.org.
+The environment variables 'https_proxy' and 'no_proxy' can be used.
+The transfer may take many seconds, in particular with the '--list' option.
+
 Examples:
 
-addrev steve
-addrev -2 steve
-addrev -2 steve @richsalz
-addrev -2 --reviewer=steve --reviewer=rs...@openssl.org
+addrev --prnum=1234 steve
+addrev 1234 -2 steve
+addrev 1234 -2 steve @richsalz
+addrev 1234 -2 --reviewer=steve --reviewer=rs...@openssl.org
 
 gitlabutil
 --
@@ -101,16 +108,45 @@ Checkout branch for query 145:
 ghmerge
 ---
 
-ghmerge merges (reviewed and approved!) GitHub pull requests
-
-It works on the current branch, which should be master or one of the stable
-releases.
-
-Usage:
-ghmerge ### reviewer...
-
-The ### is the GitHub MR number.  The rest of the args are the names of
-the reviewers (passed to addrev; see above).
+ghmerge calls addrev and pushes (reviewed and approved!) GitHub pull requests.
+It includes several safety precautions and questions such as showing the diff,
+showing the resulting commit messages, and (by default) rebuilding everything.
+
+It works on the current branch, which should be 'master' or one of the stable
+releases. The default remote is the first one matching 
'git.openssl.org.*(push)'.
+So typically before calling 'ghmerge' one would have done the following:
+
+   git remote -v
+origin openssl-...@git.openssl.org:openssl.git (fetch)
+origin openssl-...@git.openssl.org:openssl.git (push)
+   git fetch origin
+   git checkout master
+
+The tool accesses external databases on api.openssl.org and api.github.com.
+The environment variables 'https_proxy' and 'no_proxy' can be used.
+
+Example usage patterns:
+ghmerge  ...
+ghmerge --tools --squash  ...
+
+The default commit post-processing operaton is 'git rebase -i --autosquash'.
+
+Available options are:
+
+--noautosquash  Use default interactive post-processing but without 
'--autosquash'.
+--squashUse non-interactive post-processing 'git merge --ff-only 
--squash'.
+--nobuild   Do not use 'opensslbuild'.
+Else it is invoked with $CC defaulting to "ccache gcc".
+--remoteSelect the git remote of the branch to pull from and push to.
+Default is the first 

[tools] master update

[Matt Caswell]

The branch master has been updated
   via  dddec86b763599974ef6f07036b51ee5b3946067 (commit)
  from  c217de2c9b91c88f64ce6940b6c3ef5ef1a0bdae (commit)


- Log -
commit dddec86b763599974ef6f07036b51ee5b3946067
Author: Matt Caswell 
Date:   Wed Feb 5 15:23:46 2020 +

Don't run the GOST engine test in a no-deprecated build

The GOST engine uses some deprecated symbols. Until that is resolved we
don't run the GOST engine test in a no deprecated build.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/tools/pull/54)

---

Summary of changes:
 run-checker/run-checker.sh | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index f5be229..2617914 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -95,6 +95,8 @@ if run-hook prepare; then
 warnopts="--strict-warnings"
 optcc="clang"
 ldcmd=""
+gost_engine="$OPENSSL_GOST_ENGINE_SO"
+
 if [ "$opt" == "enable-asan" ]; then
 # A documented requirement for enable-asan is no-shared
 expandedopts="enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT"
@@ -113,6 +115,10 @@ if run-hook prepare; then
 expandedopts="enable-fuzz-libfuzzer 
--with-fuzzer-include=../../Fuzzer --with-fuzzer-lib=../../Fuzzer/libFuzzer 
-DPEDANTIC enable-asan enable-ubsan no-shared"
 elif [ "$opt" == "no-static-engine" ]; then
 expandedopts="no-static-engine no-shared"
+elif [ "$opt" == "no-deprecated" ]; then
+#The gost engine uses some deprecated symbols so we don't use it
+#in a no-deprecated build
+gost_engine=""
 fi
 
 if [ -z "$opt" ]; then
@@ -180,7 +186,7 @@ if run-hook prepare; then
 ) 2> /dev/null &
 
 echo "  make test"
-log-exec make test>>build.log 2>&1
+OPENSSL_GOST_ENGINE_SO="$gost_engine" log-exec make 
test>>build.log 2>&1
 )
 ); then
 echo "  PASS"

[tools] master update

[Richard Levitte]

The branch master has been updated
   via  c217de2c9b91c88f64ce6940b6c3ef5ef1a0bdae (commit)
   via  d250d42df4c99fd4ae57c75de514dcaf9ff96360 (commit)
  from  1a4ebc8a908344ddff8121eb664cf9f29e60d89a (commit)


- Log -
commit c217de2c9b91c88f64ce6940b6c3ef5ef1a0bdae
Author: Dr. David von Oheimb 
Date:   Tue Feb 11 12:03:21 2020 +0100

add missing dependency info to the Testing section of 
OpenSSL-Query/README.md

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/58)

commit d250d42df4c99fd4ae57c75de514dcaf9ff96360
Author: Dr. David von Oheimb 
Date:   Tue Feb 11 12:01:31 2020 +0100

allow simple copy for the series of shell commands in 
OpenSSL-Query/README.md

Reviewed-by: Paul Dale 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/58)

---

Summary of changes:
 OpenSSL-Query/README.md | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/OpenSSL-Query/README.md b/OpenSSL-Query/README.md
index 27dd3fd..817a390 100644
--- a/OpenSSL-Query/README.md
+++ b/OpenSSL-Query/README.md
@@ -32,9 +32,8 @@ perl.
 Installation
 
 
-$ perl Makefile.PL
-$ make
-$ make install
+perl Makefile.PL
+make && make install
 
 Local installation
 
@@ -43,7 +42,7 @@ For a local installation, you might want to consider using 
local::lib
 (debian package liblocal-lib-perl).  In that case, running Makefile.PL
 is slightly different:
 
-$ perl -Mlocal::lib Makefile.PL
+perl -Mlocal::lib Makefile.PL
 
 Other than that, follow the instructions in "Installation" above.
 
@@ -58,12 +57,14 @@ Testing
 
 Testing is done like this:
 
-$ make test
+make test
 
-However, it requires that a temporary query service is started as
-well.  This is part of QueryApp, and is started like this:
+However, it requires the additional Perl module Dancer2 and
+plackup (debian packages libdancer2-perl and libplack-perl)
+and that a temporary query service is started as well.
+This is part of QueryApp, and is started like this:
 
-$ here=`pwd`
-$ cd ../QueryApp   # Or wherever you have it checked out
-$ PERSONDB=./t/query_data/pdb.yaml CLADB=./t/query_data/cdb.txt \
-  PERL5LIB=./lib:$here/lib plackup bin/query.psgi
+here=`pwd`# the directory OpenSSL-Query/
+cd ../QueryApp# Or wherever you have it checked out
+PERSONDB=./t/query_data/pdb.yaml CLADB=./t/query_data/cdb.txt \
+PERL5LIB=./lib:$here/lib plackup bin/query.psgi

[tools] master update

[Mark J . Cox]

The branch master has been updated
   via  1a4ebc8a908344ddff8121eb664cf9f29e60d89a (commit)
   via  aef3a920ed35ecf2d539c02ac3a77f45a82c8c2f (commit)
  from  b51efa70790d498f07e221348dc3e07f3b2889bc (commit)


- Log -
commit 1a4ebc8a908344ddff8121eb664cf9f29e60d89a
Author: Mark J. Cox 
Date:   Fri Feb 7 11:14:22 2020 +

PRs are issues but let's be clear

commit aef3a920ed35ecf2d539c02ac3a77f45a82c8c2f
Author: Mark J. Cox 
Date:   Fri Feb 7 11:00:40 2020 +

Add a notification when ready to merge
fixes #52

---

Summary of changes:
 github-approve-label-workflow/github-approve-label-workflow.py | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/github-approve-label-workflow/github-approve-label-workflow.py 
b/github-approve-label-workflow/github-approve-label-workflow.py
index 93ffd72..ecacdf5 100644
--- a/github-approve-label-workflow/github-approve-label-workflow.py
+++ b/github-approve-label-workflow/github-approve-label-workflow.py
@@ -59,6 +59,13 @@ def movelabeldonetoready(issue):
 res = requests.post(url, data=json.dumps(newlabel), headers=headers)
 if (res.status_code != 200):
 print("Error adding label", res.status_code, res.content)
+return
+newcomment = {"body":"This pull request is ready to merge"}
+url = api_url + "/issues/" + str(issue) + "/comments"
+res = requests.post(url, data=json.dumps(newcomment), headers=headers)
+if (res.status_code != 201):
+print("Error adding comment", res.status_code, res.content)
+return
 
 # Check through an issue and see if it's a candidate for moving
 

[tools] master update

[Mark J . Cox]

The branch master has been updated
   via  b51efa70790d498f07e221348dc3e07f3b2889bc (commit)
  from  216776e13b1673a13fccb525f2ec0c0d821f7525 (commit)


- Log -
commit b51efa70790d498f07e221348dc3e07f3b2889bc
Author: Mark J. Cox 
Date:   Thu Feb 6 09:29:24 2020 +

Remove requirement of Python 3.7+ (just Python  3 is needed)

---

Summary of changes:
 github-approve-label-workflow/README.md| 2 ++
 github-approve-label-workflow/github-approve-label-workflow.py | 5 ++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/github-approve-label-workflow/README.md 
b/github-approve-label-workflow/README.md
index 8442b58..6acf928 100644
--- a/github-approve-label-workflow/README.md
+++ b/github-approve-label-workflow/README.md
@@ -16,3 +16,5 @@ python github-approve-label-workflow --debug --token token.txt
 or to also actually change any labels
 
 python github-approve-label-workflow --debug --token token.txt --commit
+
+Requires Python 3
diff --git a/github-approve-label-workflow/github-approve-label-workflow.py 
b/github-approve-label-workflow/github-approve-label-workflow.py
index 99713f7..93ffd72 100644
--- a/github-approve-label-workflow/github-approve-label-workflow.py
+++ b/github-approve-label-workflow/github-approve-label-workflow.py
@@ -1,5 +1,5 @@
 #! /usr/bin/env python
-# requires python 3.7+
+# requires python 3
 #
 # Do we have any open PR's that have label "Approval: done"
 # that are over 24 hours without any other comments?
@@ -20,8 +20,7 @@ from optparse import OptionParser
 api_url = "https://api.github.com/repos/openssl/openssl;
 
 def convertdate(date):
-# python fromisoformat needs a TZ in hours/minutes
-return datetime.fromisoformat(date.replace('Z', '+00:00'))
+return datetime.strptime(date.replace('Z',"+"), "%Y-%m-%dT%H:%M:%S%z")
 
 # Get all the open pull requests, filtering by approval: done label
 

[tools] master update

[Mark J . Cox]

The branch master has been updated
   via  216776e13b1673a13fccb525f2ec0c0d821f7525 (commit)
   via  daa4fdc5eba7a9d7c10bee7ece40b9397eb7d8ca (commit)
   via  55a4f13f049861dfd06476d6d6e4cf1ac8a93c49 (commit)
  from  cbda6bd72e4abbe16a4a260312b1289a0e9e4764 (commit)


- Log -
commit 216776e13b1673a13fccb525f2ec0c0d821f7525
Author: Mark J. Cox 
Date:   Wed Feb 5 11:22:24 2020 +

Neews python 3.7+ (or do a different date parser)

commit daa4fdc5eba7a9d7c10bee7ece40b9397eb7d8ca
Author: Mark J. Cox 
Date:   Wed Feb 5 11:20:25 2020 +

Style changes undo yapf blank lines, and fix typo function name

commit 55a4f13f049861dfd06476d6d6e4cf1ac8a93c49
Author: Mark J. Cox 
Date:   Wed Feb 5 10:49:33 2020 +

Add a tool for checking and changing labels

---

Summary of changes:
 .gitignore |   3 +
 github-approve-label-workflow/README.md|  18 +++
 .../github-approve-label-workflow.py   | 165 +
 3 files changed, 186 insertions(+)
 create mode 100644 github-approve-label-workflow/README.md
 create mode 100644 
github-approve-label-workflow/github-approve-label-workflow.py

diff --git a/.gitignore b/.gitignore
index e3a688e..5c45ae8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,5 +36,8 @@ ghpass.txt
 /OpenSSL-Query/inc
 /OpenSSL-Query/pm_to_blib
 
+# in case someone forgets and commits their token
+github-approve-label-workflow/token.txt
+
 # Generic
 *~
diff --git a/github-approve-label-workflow/README.md 
b/github-approve-label-workflow/README.md
new file mode 100644
index 000..8442b58
--- /dev/null
+++ b/github-approve-label-workflow/README.md
@@ -0,0 +1,18 @@
+Do we have any open openssl PR requests that have the label
+"approval: done" that are over 24 hours old?  If so if there
+have been no other comments added since then we can automatically
+move them to "approval: ready to merge"
+
+You need a token to make label changes and to ensure you don't
+hit rate limiting if you just want a dry run.  Get one from
+https://github.com/settings/tokens/new select 'repo' only
+then put it in token.txt (prefix with the string "token ", i.e.
+echo "token 12903413aa" > token.txt
+
+to see what it would do:
+
+python github-approve-label-workflow --debug --token token.txt
+
+or to also actually change any labels
+
+python github-approve-label-workflow --debug --token token.txt --commit
diff --git a/github-approve-label-workflow/github-approve-label-workflow.py 
b/github-approve-label-workflow/github-approve-label-workflow.py
new file mode 100644
index 000..99713f7
--- /dev/null
+++ b/github-approve-label-workflow/github-approve-label-workflow.py
@@ -0,0 +1,165 @@
+#! /usr/bin/env python
+# requires python 3.7+
+#
+# Do we have any open PR's that have label "Approval: done"
+# that are over 24 hours without any other comments?
+#
+# get a token https://github.com/settings/tokens/new -- just repo is fine
+# pop it in token.txt or you'll get a bad API limit
+#
+# note that we'd use pyGithub but we can't as it doesn't fully handle the 
timeline objects
+# as of Feb 2020
+#
+# m...@openssl.org Feb 2020
+#
+import requests
+import json
+from datetime import datetime, timezone
+from optparse import OptionParser
+
+api_url = "https://api.github.com/repos/openssl/openssl;
+
+def convertdate(date):
+# python fromisoformat needs a TZ in hours/minutes
+return datetime.fromisoformat(date.replace('Z', '+00:00'))
+
+# Get all the open pull requests, filtering by approval: done label
+
+def getpullrequests():
+url = api_url + "/pulls?per_page=100=1"  # defaults to open
+res = requests.get(url, headers=headers)
+repos = res.json()
+prs = []
+while 'next' in res.links.keys():
+res = requests.get(res.links['next']['url'], headers=headers)
+repos.extend(res.json())
+
+# Let's filter by label if we're just looking to move things, we can parse
+# everything for statistics in another script
+
+try:
+for pr in repos:
+if 'labels' in pr:
+for label in pr['labels']:
+if label['name'] == 'approval: done':
+prs.append(pr['number'])
+except:
+print("failed", repos['message'])
+return prs
+
+# Change the labels on an issue from approval: done to approval: ready to merge
+
+def movelabeldonetoready(issue):
+url = api_url + "/issues/" + str(issue) + "/labels/approval:%20done"
+res = requests.delete(url, headers=headers)
+if (res.status_code != 200):
+print("Error removing label", res.status_code, res.content)
+return
+url = api_url + "/issues/" + str(issue) + "/labels"
+newlabel = {"labels": ["approval: ready to merge"]}
+res = requests.post(url, data=json.dumps(newlabel), headers=headers)
+if 

[tools] master update

[Matt Caswell]

The branch master has been updated
   via  cbda6bd72e4abbe16a4a260312b1289a0e9e4764 (commit)
  from  73b0391902c67f9ebfcd5fa96cc10734d9631da8 (commit)


- Log -
commit cbda6bd72e4abbe16a4a260312b1289a0e9e4764
Author: Nicola Tuveri 
Date:   Sun Jan 5 10:52:57 2020 +0200

Apply OTC changes to gitaddrev

After the changes in https://github.com/openssl/web/pull/146
`gitaddrev` (on which `addrev` depends) required an update to count OTC
approvals rather than OMC approvals.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/50)

---

Summary of changes:
 review-tools/gitaddrev | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev
index 1c2071e..177a92a 100755
--- a/review-tools/gitaddrev
+++ b/review-tools/gitaddrev
@@ -29,7 +29,7 @@ my @reviewers;
 my @nocla_reviewers;
 my @unknown_reviewers;
 my $skip_reviewer;
-my $omccount = 0;
+my $otccount = 0;
 sub try_add_reviewer {
 my $id = shift;
 my $rc = undef;
@@ -39,7 +39,7 @@ sub try_add_reviewer {
my $cla = $query->has_cla(lc $rev);
if ($cla) {
unless (grep {$_ eq $rev} @reviewers) {
-   $omccount++ if $query->is_member_of($id2, 'omc');
+   $otccount++ if $query->is_member_of($id2, 'otc');
push @reviewers, $rev;
}
$rc = $rev;
@@ -64,9 +64,9 @@ foreach (@ARGV) {
foreach ($query->list_people()) {
my $email_id = (grep { ref($_) eq "" && $_ =~ m|\@| } @$_)[0];
my $rev = $query->find_person_tag($email_id, 'rev');
-   my $omc = $query->is_member_of($email_id, 'omc');
+   my $otc = $query->is_member_of($email_id, 'otc');
next unless $query->has_cla(lc $rev);
-   next unless $query->is_member_of($email_id, 'commit') || $omc;
+   next unless $query->is_member_of($email_id, 'commit') || $otc;
my @ids =
sort grep { $_ =~ /^[a-z]+$/ || $_ =~ /^\@(?:\w|\w-\w)+$/ }
map {
@@ -78,13 +78,13 @@ foreach (@ARGV) {
}
} @$_;
foreach (@ids) {
-   $list{$_} = { tag => $rev, omc => $omc };
+   $list{$_} = { tag => $rev, otc => $otc };
}
}
foreach (sort { my $res = $list{$a}->{tag} cmp $list{$b}->{tag};
$res != 0 ? $res : ($a cmp $b) } keys %list) {
printf "%-15s %-6s (%s)\n",
-   $_, $list{$_}->{omc} ? "[OMC]" : "", $list{$_}->{tag};
+   $_, $list{$_}->{otc} ? "[OTC]" : "", $list{$_}->{tag};
}
exit 0;
 } elsif (/^--reviewer=(.+)$/) {
@@ -158,8 +158,8 @@ print STDERR "Going with these reviewers:\n  ", join("\n  
", @reviewers), "\n"
 if (scalar @reviewers < 2) {
 die "Too few reviewers (total must be at least 2)\n";
 }
-if ($omccount < 1) {
-die "At least one of the reviewers must be an OMC member\n";
+if ($otccount < 1) {
+die "At least one of the reviewers must be an OTC member\n";
 }
 if ($skip_reviewer) {
 @reviewers = grep { $_ ne $skip_reviewer } @reviewers;

[tools] master update

[Richard Levitte]

The branch master has been updated
   via  73b0391902c67f9ebfcd5fa96cc10734d9631da8 (commit)
  from  dca934dedad04b7ba72542f0aefbeb54e22e55e1 (commit)


- Log -
commit 73b0391902c67f9ebfcd5fa96cc10734d9631da8
Author: Dr. Matthias St. Pierre 
Date:   Sat Oct 26 00:45:17 2019 +0200

clacheck: rename 'need-cla' label to 'hold: cla required'

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/47)

---

Summary of changes:
 clacheck/clacheck.py | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/clacheck/clacheck.py b/clacheck/clacheck.py
index afa09f0..2dbb6fd 100755
--- a/clacheck/clacheck.py
+++ b/clacheck/clacheck.py
@@ -20,6 +20,8 @@ SUCCESS = 'success'
 FAILURE = 'failure'
 CLAFILE = "/var/cache/openssl/checkouts/omc/cladb.txt" #
 
+CLA_LABEL = 'hold: cla required'
+
 null_actions = (
 'assigned', 'unassigned', 'labeled', 'unlabeled', 'closed',
 'review_requested', 'review_request_removed',
@@ -55,14 +57,14 @@ def update_status(pr, state, description):
 conn.getresponse().read()
 host,url = url_split(pr['issue_url'])
 if state == SUCCESS:
-url = url + '/labels/need-cla'
+url = url + '/labels/' + urllib.quote(CLA_LABEL)
 print 'Delete', url
 conn.request('DELETE', url, None, headers)
 elif state == FAILURE:
 url = url + '/labels'
 print 'Add need-cla', url
 conn.set_debuglevel(99)
-conn.request('POST', url, '[ "need-cla" ]', headers)
+conn.request('POST', url, '[ "{}" ]'.format(CLA_LABEL), headers)
 reply = conn.getresponse().read()
 print "--\n", reply
 

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  dca934dedad04b7ba72542f0aefbeb54e22e55e1 (commit)
  from  e3587da72ead14568de95a8fb1cf8198f71e4200 (commit)


- Log -
commit dca934dedad04b7ba72542f0aefbeb54e22e55e1
Author: Dr. Matthias St. Pierre 
Date:   Fri Oct 4 01:17:38 2019 +0200

cherry-checker: fix column alignment

Since GitHub pull request numbers went from 4-digit to 5-digit numbers,
the table output looked ragged. This commit fixes the alignment.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/44)

---

Summary of changes:
 review-tools/cherry-checker | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/review-tools/cherry-checker b/review-tools/cherry-checker
index 318eee6..8e476f3 100755
--- a/review-tools/cherry-checker
+++ b/review-tools/cherry-checker
@@ -145,8 +145,8 @@ if __name__ == '__main__':
   ->  {right}
   ==  both
 
- prnum | fixes | br |   commit   |   subject
- - | - | -- | -- | 
---""".format(
+ prnum  | fixes  | br |   commit   |   subject
+--- | -- | -- | -- | 
---""".format(
  left = left,
  right = right))
 
@@ -154,8 +154,8 @@ if __name__ == '__main__':
 
 try:
 for prnum, fixes, _, branch, commit, subject in commits:
-print(' #{:>4} | {:>5} | {} | {} | {} '.format(
-prnum, fixes, branch_marker[branch], commit, subject
+print(' {:>6} | {:>6} | {} | {} | {} '.format(
+'#'+prnum, fixes, branch_marker[branch], commit, subject
 ))
 except subprocess.CalledProcessError as e:
 print(e, file=sys.stderr)

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  e3587da72ead14568de95a8fb1cf8198f71e4200 (commit)
  from  571c0af75c9dc840757b5478c83a14d49af84bee (commit)


- Log -
commit e3587da72ead14568de95a8fb1cf8198f71e4200
Author: Dr. Matthias St. Pierre 
Date:   Thu Oct 3 23:34:14 2019 +0200

cherry-checker: fix: don't choke on semicolons in the commit message title

The semicolon is used as separator for the git output, so make sure
to stop the line.split() after the third separator, otherwise the
subject line might get split further.

(see openssl/openssl@bd01733fdd Fix comment; unchecked->checked)

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/43)

---

Summary of changes:
 review-tools/cherry-checker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/review-tools/cherry-checker b/review-tools/cherry-checker
index dbdbd06..318eee6 100755
--- a/review-tools/cherry-checker
+++ b/review-tools/cherry-checker
@@ -88,7 +88,7 @@ def pick_cherries(left, right, all = False):
 
 for line in subprocess.check_output(git_command).decode().splitlines():
 
-timestamp, branch, commit, subject = line.split(";")
+timestamp, branch, commit, subject = line.split(";", maxsplit=3)
 
 if branch == '=' and not all:
 continue

[tools] master update

[Matt Caswell]

The branch master has been updated
   via  571c0af75c9dc840757b5478c83a14d49af84bee (commit)
  from  fe185a2b8f12669f7a9a88582cb63ad316cd2382 (commit)


- Log -
commit 571c0af75c9dc840757b5478c83a14d49af84bee
Author: Matt Caswell 
Date:   Wed Aug 28 17:33:47 2019 +0100

Fix enable-fuzz-afl builds in run-checker

We now require no-module for successful enable-fuzz-afl builds

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/42)

---

Summary of changes:
 run-checker/run-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index 3a76af6..f5be229 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -106,7 +106,7 @@ if run-hook prepare; then
 elif [ "$opt" == "enable-fuzz-afl" ]; then
 warnopts=""
 optcc=afl-clang-fast 
-expandedopts="enable-fuzz-afl no-shared"
+expandedopts="enable-fuzz-afl no-shared no-module"
 elif [ "$opt" == "enable-fuzz-libfuzzer" ]; then
 warnopts=""
 ldcmd=clang++

[tools] master update

[Richard Levitte]

The branch master has been updated
   via  f629412298e2740a6a2ee0b8db183462667f5aee (commit)
  from  31b2767973d7a072a36c0eaf68861f9a1a3fe7b2 (commit)


- Log -
commit f629412298e2740a6a2ee0b8db183462667f5aee
Author: Dr. Matthias St. Pierre 
Date:   Thu Aug 1 13:26:14 2019 +0200

QueryApp: enhance documentation of local installation via local::lib

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/39)

---

Summary of changes:
 QueryApp/README.md | 21 +
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/QueryApp/README.md b/QueryApp/README.md
index fe9c47f..c0018f6 100644
--- a/QueryApp/README.md
+++ b/QueryApp/README.md
@@ -55,11 +55,24 @@ is slightly different:
 
 Other than that, follow the instructions in "Installation" above.
 
-To get the paths right permanently, you might want to consider adding
-this in your `.bash_profile`, `.bashrc` och corresponding shell init
-script:
+The local installation method works best if the `PERL5LIB` environment variable
+(among others) is set correctly in the shell profile. A comprehensive guide how
+to do it correctly can be found in the manual page (`perldoc local::lib`,
+or online at [local::lib](https://metacpan.org/pod/local::lib)).
 
-eval "`perl -I$HOME/perl5/lib/perl5 -Mlocal::lib`"
+Essentially, it boils down to adding the following line to your shell profile
+(e.g. `.bash_profile`, `.bashrc` for bash):
+
+eval "$(perl -I$HOME/perl5/lib/perl5 -Mlocal::lib)"
+
+The inner perl command will print roughly the following output, which then gets
+evaluated by the shell to update the environment accordingly.
+
+PATH="/home//perl5/bin${PATH:+:${PATH}}"; export PATH;
+PERL5LIB="/home//perl5/lib/perl5${PERL5LIB:+:${PERL5LIB}}"; export 
PERL5LIB;
+
PERL_LOCAL_LIB_ROOT="/home//perl5${PERL_LOCAL_LIB_ROOT:+:${PERL_LOCAL_LIB_ROOT}}";
 export PERL_LOCAL_LIB_ROOT;
+PERL_MB_OPT="--install_base \"/home//perl5\""; export PERL_MB_OPT;
+PERL_MM_OPT="INSTALL_BASE=/home//perl5"; export PERL_MM_OPT;
 
 Testing
 ---

[tools] master update

[Richard Levitte]

The branch master has been updated
   via  fe185a2b8f12669f7a9a88582cb63ad316cd2382 (commit)
  from  f629412298e2740a6a2ee0b8db183462667f5aee (commit)


- Log -
commit fe185a2b8f12669f7a9a88582cb63ad316cd2382
Author: Dr. Matthias St. Pierre 
Date:   Wed Aug 14 01:24:55 2019 +0200

Add new ghlink tool

Usage:
  ghlink [...] [...]

Concatenate the given file(s) to standard output, converting repository
locations into GitHub links. If no file is given, read from stdin.

Options:
--help
Print a brief help message and exit.

--man
Print the manual page and exit.

--markdown | -m
Convert the locations to links in markdown syntax, with the location
in square brackets, followed by the link in parentheses.

--permanent | -p
Always resolve branches to (unabbreviated) commit-ids for printing
the link.

--list | -l
List only the links of all locations found, and omit the rest of the
text. This option is useful together with the --permanent option to
create GitHub permalinks, see EXAMPLES section below.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/40)

---

Summary of changes:
 review-tools/ghlink | 282 
 1 file changed, 282 insertions(+)
 create mode 100755 review-tools/ghlink

diff --git a/review-tools/ghlink b/review-tools/ghlink
new file mode 100755
index 000..888627e
--- /dev/null
+++ b/review-tools/ghlink
@@ -0,0 +1,282 @@
+#!/usr/bin/env perl
+#
+# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ghlink - convert repository locations into GitHub links
+#
+
+use warnings;
+use strict;
+
+use File::Basename;
+use Getopt::Long;
+use Pod::Usage;
+
+my $progname=basename($0);
+
+my $repo = "https://github.com/openssl/openssl;;
+my $tree = "$repo/tree";
+my $blob = "$repo/blob";
+
+my $regex_name = "[[:alpha:]._-]+[[:alnum:]._-]*";
+my $regex_revision = "[[:alnum:]._-]+";
+my $regex_path = "(?:${regex_name}/)*${regex_name}";
+my $regex_lineno = "[0-9]+";
+
+my $style = 'default';
+
+my $replace = \
+
+my $markdown = 0;
+my $permanent = 0;
+my $list = 0;
+my $help = 0;
+my $man = 0;
+
+GetOptions('markdown|m'=> \$markdown,
+   'permanent|p'   => \$permanent,
+   'list|l'=> \$list,
+   'help|h'=> \$help,
+   'man'   => \$man)
+or die "Errors in command line arguments\n";
+
+if ($help) {
+pod2usage(-exitval => 0,
+  -verbose => 1);
+}
+if ($man) {
+pod2usage(-exitval => 0,
+  -verbose => 2);
+}
+
+if ($markdown) {
+$replace = \
+}
+
+
+my $remotes = `git remote -v`;
+if ($? != 0 or $remotes !~ "openssl\.git") {
+die "Current directory does not belong to an OpenSSL git repository";
+}
+
+my $curr_branch = `git rev-parse --abbrev-ref HEAD`;
+chomp $curr_branch;
+
+my $prefix = `git rev-parse --show-prefix`;
+chomp $prefix;
+
+
+# some results are cached for efficiency reasons
+
+my %commits;
+my %urls;
+
+sub check_url {
+my ($match, $revision, $path, $lineno) = @_;
+
+if (!defined($revision)) {
+$revision = $curr_branch;
+}
+
+my $abbrev_commit = ($permanent) ? "" : "--abbrev-commit";
+
+if (!defined($commits{$revision})) {
+my $c = `git rev-list $abbrev_commit -1 $revision -- 2>/dev/null`;
+chomp $c;
+
+if ($? != 0) {
+$commits{$revision} = "";
+} elsif ($permanent) {
+# always use the commit id if --permanent was specified
+$commits{$revision} = $c;
+} else {
+# if a branch name was specified, use if it exists remotely
+# otherwise, use the commit id
+`git ls-remote --exit-code $repo --heads refs/heads/$revision`;
+$commits{$revision} = ($? == 0) ? $revision : $c;
+}
+}
+
+$revision = $commits{$revision};
+
+if (!$revision) {
+return "";
+}
+
+my $gitpath = "$revision:$prefix$path";
+
+if (!defined($urls{$gitpath})) {
+# create urls only for objects in the local repository
+`git rev-parse $gitpath 2>/dev/null`;
+if ($? != 0) {
+$urls{$gitpath} = "";
+} else {
+$urls{$gitpath} = "$blob/$revision/$prefix$path";
+}
+}
+
+my $url = $urls{$gitpath};
+
+if (!$url) {
+return "";
+}
+
+return 

[tools] master update

[Richard Levitte]

The branch master has been updated
   via  31b2767973d7a072a36c0eaf68861f9a1a3fe7b2 (commit)
  from  f35dfdd6bba36d9b7568ee235177726ee6fe0f33 (commit)


- Log -
commit 31b2767973d7a072a36c0eaf68861f9a1a3fe7b2
Author: Richard Levitte 
Date:   Thu Mar 14 08:09:07 2019 +0100

run-checker: Check enabling and disabling trace

Reviewed-by: Matt Caswell 
Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/tools/pull/37)

---

Summary of changes:
 run-checker/run-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index 499fb02..3a76af6 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -43,7 +43,7 @@ enable-unit-test no-whirlpool enable-weak-ssl-ciphers 
enable-zlib
 enable-zlib-dynamic 386 no-dtls no-tls no-ssl3 no-tls1 no-tls1_1 no-tls1_2
 no-dtls1 no-dtls1_2 no-ssl3-method no-tls1-method no-tls1_1-method
 no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 no-sm2
-no-sm3 no-sm4 )
+no-sm3 no-sm4 enable-trace )
 
 run-hook () {
 local hookname=$1; shift

[tools] master update

[Dr . Paul Dale]

The branch master has been updated
   via  f35dfdd6bba36d9b7568ee235177726ee6fe0f33 (commit)
  from  191d279c0e11953cd1a3d02e3fe422391cf9674f (commit)


- Log -
commit f35dfdd6bba36d9b7568ee235177726ee6fe0f33
Author: Pauli 
Date:   Thu May 9 20:02:46 2019 +1000

BN random range testing.

Add a script to generate critical value tables for the bn_rand_range 
stochastic
test.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/38)

---

Summary of changes:
 statistics/README   |  6 +
 statistics/bn_rand_range.py | 61 +
 2 files changed, 67 insertions(+)
 create mode 100644 statistics/README
 create mode 100755 statistics/bn_rand_range.py

diff --git a/statistics/README b/statistics/README
new file mode 100644
index 000..d564104
--- /dev/null
+++ b/statistics/README
@@ -0,0 +1,6 @@
+
+This collection of scripts contains statistical scripts.
+
+
+bn_rand_range.pyGenerate the critical values tables for 
test/bn_rand_range.c
+There is a dependency on the scipi package.
diff --git a/statistics/bn_rand_range.py b/statistics/bn_rand_range.py
new file mode 100755
index 000..57a579b
--- /dev/null
+++ b/statistics/bn_rand_range.py
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+
+# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Run this using:
+#   bn_rand_range.py > $(OPENSSL)/test/bn_rand_range.h
+#
+# There is a dependency of scipi, include the package python3-scipy to resolve
+# this.
+
+from datetime import datetime
+from scipy.stats import chi2, binom
+
+alpha_chi2 = 0.95
+alpha_binomial = 0.
+test_cases = list(range(2, 20)) \
+ + [x * 10 + 10 for x in range(1, 10)] \
+ + [x * 1000 for x in range(1, 11)]
+
+# The rest of this file produces the C include file
+
+def do_case(n):
+"Output a single formatted row in the table"
+ns = "%d," % n
+iterations = "%d," % (n * (100 if n < 1000 else 10))
+critical = "%f" % (chi2.ppf(alpha_chi2, n - 1))
+print("{ %6s %8s %12s }," % ( ns, iterations, critical ))
+
+# Work out the copyright year range
+year = datetime.today().year
+if year != 2019:
+year = "2019-%d" % year
+
+print("""/*
+ * WARNING: do not edit!
+ * Generated by statistics/bn_rand_range.py in the OpenSSL tool repository.
+ *
+ * Copyright %s The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static const struct {
+unsigned int range;
+unsigned int iterations;
+double critical;
+} rand_range_cases[] = {""" % year)
+num_cases = len(list(map(do_case, test_cases)))
+print("};\n")
+
+# Finally, calculate and output the lower tail binomial threshold.
+b_thresh = binom.isf(alpha_binomial, num_cases, alpha_chi2)
+print("static const int binomial_critical = %d;\n" % b_thresh)

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  191d279c0e11953cd1a3d02e3fe422391cf9674f (commit)
   via  617dbc4a479831adbf711df0879324b23d5f4cb6 (commit)
   via  a89caedb7667bec77ca155ef99b6beacd7a4479c (commit)
  from  1de20a3a49e1b4f6e7104b84b8fc5594b144712a (commit)


- Log -
commit 191d279c0e11953cd1a3d02e3fe422391cf9674f
Author: Richard Levitte 
Date:   Tue Nov 20 16:34:16 2018 +0100

release-tools/do-copyright-year: skip versioned directories

These are submodules, and we have no interest changing those.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/36)

commit 617dbc4a479831adbf711df0879324b23d5f4cb6
Author: Richard Levitte 
Date:   Tue Nov 20 16:33:12 2018 +0100

release-tools/do-copyright-year: more efficient skip of D records

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/36)

commit a89caedb7667bec77ca155ef99b6beacd7a4479c
Author: Richard Levitte 
Date:   Tue Nov 20 16:30:21 2018 +0100

release-tools/do-copyright-year: add a spinner+counter to show process

When a lot of changes has happened in a branch, processing all the
files can take some time, so this adds some visual progress feedback.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/36)

---

Summary of changes:
 release-tools/do-copyright-year | 30 --
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/release-tools/do-copyright-year b/release-tools/do-copyright-year
index 6c3d710..8bebf6a 100755
--- a/release-tools/do-copyright-year
+++ b/release-tools/do-copyright-year
@@ -29,12 +29,30 @@ EOF
 
 NYD=`date +%Y-01-01`
 echo Updating copryight
-git diff-tree -r --name-status `git rev-list -1 --before=$NYD HEAD`..HEAD \
-   | while read STATUS FILE ; do
-if [ "$STATUS" = 'D' ]; then continue; fi
-sed -E -f /tmp/sed$$ -i "$FILE"
-git add "$FILE"
-done
+git diff-tree -r --name-status `git rev-list -1 --before=$NYD HEAD`..HEAD | \
+grep -v '^ *D' | \
+(
+   count=0
+   sp="/-\|"
+   sc=0
+   spin() {
+   printf "\r${sp:sc++:1} %s" "$@"
+   ((sc==${#sp})) && sc=0
+   }
+   endspin() {
+   printf "\r%s\n" "$@"
+   }
+
+   while read STATUS FILE ; do
+   if [ -d "$FILE" ]; then continue; fi
+   (( count++ ))
+   spin $count
+   sed -E -f /tmp/sed$$ -i "$FILE"
+   git add "$FILE"
+   done
+   endspin "Files considered: $count"
+)
+echo Files changed: $(git status --porcelain | grep '^ *M' | wc -l)
 echo Committing change locally.
 git commit -m 'Update copyright year'
 rm -f $ss
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  1de20a3a49e1b4f6e7104b84b8fc5594b144712a (commit)
   via  cd0711f60154d5da0f9974349b897a2615934554 (commit)
  from  b7d03f8bd7e918a96c25eb6fadd1b70f28cc6e39 (commit)


- Log -
commit 1de20a3a49e1b4f6e7104b84b8fc5594b144712a
Author: Pauli 
Date:   Sun Nov 18 15:59:41 2018 +1000

add dependencies to Makefile.PL

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/35)

commit cd0711f60154d5da0f9974349b897a2615934554
Author: Pauli 
Date:   Sun Nov 18 10:06:32 2018 +1000

Tool changes for Mac OS/X.

Perl ends up with a different path when installed using _brew_.  The system 
perl
seems to have broken _cpan_ somehow.

Some additional packages need to be installed.

PATH also needs to be set so it can find the _plackup_ executable.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/35)

---

Summary of changes:
 OpenSSL-Query/Makefile.PL | 2 ++
 OpenSSL-Query/README.md   | 2 ++
 review-tools/addrev   | 2 +-
 review-tools/gitaddrev| 2 +-
 review-tools/gitlabutil   | 2 +-
 5 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/OpenSSL-Query/Makefile.PL b/OpenSSL-Query/Makefile.PL
index ac80b4a..a98f4e6 100644
--- a/OpenSSL-Query/Makefile.PL
+++ b/OpenSSL-Query/Makefile.PL
@@ -35,6 +35,8 @@ requires (
'URI::Encode'=> 0,
Moo  => 0,
Carp => 0,
+   'LWP::UserAgent' => 0,
+   'LWP::Protocol::https' =>0,
 );
 
 install_as_site;
diff --git a/OpenSSL-Query/README.md b/OpenSSL-Query/README.md
index df036d8..27dd3fd 100644
--- a/OpenSSL-Query/README.md
+++ b/OpenSSL-Query/README.md
@@ -23,6 +23,8 @@ OpenSSL::Query requires these extra modules to run:
 - Class::Method::Modifiers (debian package libclass-method-modifiers-perl)
 - Moo  (debian package libmoo-perl)
 - URI::Encode  (debian package liburi-encode-perl)
+- LWP::UserAgent
+- LWP::Protocol::https
 
 Any other module OpenSSL::Query depends on should be part of core
 perl.
diff --git a/review-tools/addrev b/review-tools/addrev
index ce770f3..5cadfdb 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 
 use strict;
 use warnings;
diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev
index 4b97298..1c2071e 100755
--- a/review-tools/gitaddrev
+++ b/review-tools/gitaddrev
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 
 use strict;
 use warnings;
diff --git a/review-tools/gitlabutil b/review-tools/gitlabutil
index 03fb02d..f700644 100755
--- a/review-tools/gitlabutil
+++ b/review-tools/gitlabutil
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 
 use HTTP::Tiny;
 use JSON::PP;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  b7d03f8bd7e918a96c25eb6fadd1b70f28cc6e39 (commit)
  from  e759eccf4e6bd38f8a16e8ee053b1da978d4fb89 (commit)


- Log -
commit b7d03f8bd7e918a96c25eb6fadd1b70f28cc6e39
Author: Richard Levitte 
Date:   Fri Nov 16 00:55:11 2018 +0100

gitaddrev: don't lowercase the git author email address

That may lead to difficulties matching with the person database.

Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/tools/pull/34)

---

Summary of changes:
 review-tools/gitaddrev | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev
index 08cc5d8..4b97298 100755
--- a/review-tools/gitaddrev
+++ b/review-tools/gitaddrev
@@ -128,7 +128,7 @@ if (my $rev = try_add_reviewer($ENV{GIT_AUTHOR_EMAIL})) {
 # In case the author is unknown to our databases or is lacking a CLA,
 # we need to be extra careful to check if this is supposed to be a
 # trivial commit.
-my $author = lc($ENV{GIT_AUTHOR_EMAIL});
+my $author = $ENV{GIT_AUTHOR_EMAIL};
 
 # Note: it really should be enough to check if $author is unknown, since
 # the databases are supposed to be consistent with each other.  However,
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  e759eccf4e6bd38f8a16e8ee053b1da978d4fb89 (commit)
  from  ca2469ca133476e1fb3f89bbaf43f8d7a4244c25 (commit)


- Log -
commit e759eccf4e6bd38f8a16e8ee053b1da978d4fb89
Author: Dr. Matthias St. Pierre 
Date:   Wed Oct 24 08:53:38 2018 +0200

cherry-checker: add a 'fixes' column

Scans the commit messages for 'Fixes' annotations and displays
them in an additional column.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/33)

---

Summary of changes:
 review-tools/cherry-checker | 25 +
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/review-tools/cherry-checker b/review-tools/cherry-checker
index d65e801..dbdbd06 100755
--- a/review-tools/cherry-checker
+++ b/review-tools/cherry-checker
@@ -76,13 +76,16 @@ def pick_cherries(left, right, all = False):
 left + "..." + right, "--pretty=%at;%m;%h;%s"
 ]
 
-regex   = re.compile("|".join([
+prnum_regex   = re.compile("|".join([
 # The standard pull request annotation
 "\(Merged from https://github.com/openssl/openssl/pull/([0-9]+)\)",
 # @kroeck's special pull request annotation ;-)
 "GH: #([0-9]+)"
 ]))
 
+fixes_regex   = re.compile(
+"Fixes[:]?\s+(#|https://github.com/openssl/openssl/pull/)([0-9]+)")
+
 for line in subprocess.check_output(git_command).decode().splitlines():
 
 timestamp, branch, commit, subject = line.split(";")
@@ -99,7 +102,7 @@ def pick_cherries(left, right, all = False):
 ["git", "show", "--no-patch", commit]
 ).decode()
 
-match = regex.search(message)
+match = prnum_regex.search(message)
 if match:
 if match.group(1):
 prnum = match.group(1)
@@ -108,7 +111,13 @@ def pick_cherries(left, right, all = False):
 else:
 prnum = ""
 
-yield prnum, timestamp, branch, commit, subject
+match = fixes_regex.search(message)
+if match:
+fixes = "#" + match.group(2)
+else:
+fixes = ""
+
+yield prnum, fixes, timestamp, branch, commit, subject
 
 
 
@@ -136,17 +145,17 @@ if __name__ == '__main__':
   ->  {right}
   ==  both
 
- prnum | br |   commit   |   subject
- - | -- | -- | 
---""".format(
+ prnum | fixes | br |   commit   |   subject
+ - | - | -- | -- | 
---""".format(
  left = left,
  right = right))
 
 branch_marker = { '<': '<-', '>': '->', '=' : '==' }
 
 try:
-for prnum, _, branch, commit, subject in commits:
-print(' #{:>4} | {} | {} | {} '.format(
-prnum, branch_marker[branch], commit, subject
+for prnum, fixes, _, branch, commit, subject in commits:
+print(' #{:>4} | {:>5} | {} | {} | {} '.format(
+prnum, fixes, branch_marker[branch], commit, subject
 ))
 except subprocess.CalledProcessError as e:
 print(e, file=sys.stderr)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  ca2469ca133476e1fb3f89bbaf43f8d7a4244c25 (commit)
  from  2d16f8da11fe0bab487d936f13a63ea8fba5204e (commit)


- Log -
commit ca2469ca133476e1fb3f89bbaf43f8d7a4244c25
Author: Paul Yang 
Date:   Thu Sep 13 10:24:17 2018 +0900

Add 1.1.1 stable branch when doing 'opensslpull'

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/31)

---

Summary of changes:
 review-tools/opensslpull | 1 +
 1 file changed, 1 insertion(+)

diff --git a/review-tools/opensslpull b/review-tools/opensslpull
index 3776a30..0c8a40b 100755
--- a/review-tools/opensslpull
+++ b/review-tools/opensslpull
@@ -8,6 +8,7 @@ test -f ./config || {
 
 git checkout --quiet OpenSSL_1_0_2-stable ; git pull --rebase
 git checkout --quiet OpenSSL_1_1_0-stable ; git pull --rebase
+git checkout --quiet OpenSSL_1_1_1-stable ; git pull --rebase
 git checkout --quiet master
 git rebase -p origin/master
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  2d16f8da11fe0bab487d936f13a63ea8fba5204e (commit)
   via  b747cccd90b142bcfa7c264af6c3aba50d233f82 (commit)
  from  16fe6d400dcef56b5ffbe6ddc416cbc77bff7782 (commit)


- Log -
commit 2d16f8da11fe0bab487d936f13a63ea8fba5204e
Author: Dr. Matthias St. Pierre 
Date:   Sun Oct 14 14:05:09 2018 +0200

cherry-checker: initial commit

usage: cherry-checker [-h] [-a] [-s] [-r]

Shows the commits in 'master...OpenSSL_1_1_1-stable' which are eligible for
cherry-picking. A commit is considered cherry-picked, if there is another
commit on the "other side" which introduces an equivalent patch. For 
details,
see the documentation of the '--cherry-mark' option in the git-log(1) 
manpage.

optional arguments:
  -h, --helpshow this help message and exit
  -a, --all Show all commits, also those which have been cherry-picked.
  -s, --sortSort commits w.r.t. pull request number and author date.
  -r, --remote  Compare the remote branches instead of the local ones.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/32)

commit b747cccd90b142bcfa7c264af6c3aba50d233f82
Author: Richard Levitte 
Date:   Sat Sep 22 23:06:18 2018 +0200

gitaddrev: do lowercase when checking CLA entries

We know that we lowercase all email addresses in the CLA database, so
we need to lowercase the identity that we use there, but nowhere else.

---

Summary of changes:
 review-tools/cherry-checker | 152 
 review-tools/gitaddrev  |   6 +-
 2 files changed, 155 insertions(+), 3 deletions(-)
 create mode 100755 review-tools/cherry-checker

diff --git a/review-tools/cherry-checker b/review-tools/cherry-checker
new file mode 100755
index 000..d65e801
--- /dev/null
+++ b/review-tools/cherry-checker
@@ -0,0 +1,152 @@
+#!/usr/bin/env python3
+
+import argparse
+import subprocess
+import re
+import sys
+
+left  = "master"
+right = "OpenSSL_1_1_1-stable"
+
+
+def parse_arguments():
+parser = argparse.ArgumentParser(
+description = """Shows the commits in '{left}...{right}'
+which are eligible for cherry-picking. A commit is considered
+cherry-picked, if there is another commit on the "other side"
+which introduces an equivalent patch.
+For details, see the documentation of the '--cherry-mark' option
+in the git-log(1) manpage.
+""".format(left=left, right=right))
+
+parser.add_argument(
+'-a', '--all',
+action = 'store_true',
+help = "Show all commits, also those which have been cherry-picked."\
+)
+
+parser.add_argument(
+'-s', '--sort',
+action = 'store_true',
+help = "Sort commits w.r.t. pull request number and author date."\
+)
+
+parser.add_argument(
+'-r', '--remote',
+action = 'store_true',
+help = "Compare the remote branches instead of the local ones."\
+)
+
+args = parser.parse_args()
+
+return args
+
+
+def check_openssl_git_repo():
+"""Checks whether we're inside a openssl.git downstrem repository"""
+try:
+if "/openssl.git" in subprocess.check_output(
+["git", "remote", "-v"]
+).decode():
+return True;
+except:
+pass
+
+return False
+
+
+def get_remote():
+try:
+return subprocess.check_output(
+["git", "config", "branch.master.remote"]
+).decode().trim()
+except:
+return "origin"
+
+
+def pick_cherries(left, right, all = False):
+"""Lists all commits from the symmetric difference of left and right
+
+By default, all commits are omitted which have an 'equivalent' commit
+on the other side, unless 'all' == True.
+"""
+
+git_command = [
+"git", "log", "--oneline", "--cherry-mark", "--left-right",
+left + "..." + right, "--pretty=%at;%m;%h;%s"
+]
+
+regex   = re.compile("|".join([
+# The standard pull request annotation
+"\(Merged from https://github.com/openssl/openssl/pull/([0-9]+)\)",
+# @kroeck's special pull request annotation ;-)
+"GH: #([0-9]+)"
+]))
+
+for line in subprocess.check_output(git_command).decode().splitlines():
+
+timestamp, branch, commit, subject = line.split(";")
+
+if branch == '=' and not all:
+continue
+
+# shorten overlong subject lines
+if len(subject) > 70:
+subject = subject[:70] + "..."
+
+# search commit message for pull request number
+message = subprocess.check_output(
+["git", "show", "--no-patch", commit]
+).decode()
+
+match = regex.search(message)
+if match:
+if 

[openssl-commits] [tools] master update

[Paul I . Dale]

The branch master has been updated
   via  16fe6d400dcef56b5ffbe6ddc416cbc77bff7782 (commit)
  from  eb4d1f2af762c9674d1461ddbe652f18bcd21415 (commit)


- Log -
commit 16fe6d400dcef56b5ffbe6ddc416cbc77bff7782
Author: Bernd Edlinger 
Date:   Thu Sep 13 07:18:08 2018 +1000

pick-to-branch: Update active branches

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/30)

---

Summary of changes:
 review-tools/pick-to-branch | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/review-tools/pick-to-branch b/review-tools/pick-to-branch
index 9160ef5..1c385e5 100755
--- a/review-tools/pick-to-branch
+++ b/review-tools/pick-to-branch
@@ -19,15 +19,15 @@ esac
 
 
 case $b in
-*1*0*1*)
-branch=OpenSSL_1_0_1-stable
-;;
 *1*0*2*)
 branch=OpenSSL_1_0_2-stable
 ;;
 *1*1*0*)
 branch=OpenSSL_1_1_0-stable
 ;;
+*1*1*1*)
+branch=OpenSSL_1_1_1-stable
+;;
 m*)
 branch=master
 ;;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  eb4d1f2af762c9674d1461ddbe652f18bcd21415 (commit)
  from  1f45f077ae95e501865207cc9aba81a7c3791756 (commit)


- Log -
commit eb4d1f2af762c9674d1461ddbe652f18bcd21415
Author: Richard Levitte 
Date:   Mon Sep 10 17:34:52 2018 +0200

release-tools: use 'make tar' instead of 'make dist'

'make dist' will pre-configure the OpenSSL source for distribution
with a simple generic configuration, which is nice...  as long as
you're on Unix.

Unfortunately, the resulting Makefile will be picked up by NMAKE (on
Windows) and MMS / MMK (on VMS) and will spew out errors because those
are very different environments.

Therefore, it's better not to pre-configure, and just create an
archive from the source proper.

(note that pre-configuration would still work on the 1.0.2 series,
since the Windows and VMS builds are entirely different there, but
it's no big loss to force everyone to configure when using 1.0.2 as
well)

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/29)

---

Summary of changes:
 release-tools/README.md| 2 +-
 release-tools/mkrelease.pl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/release-tools/README.md b/release-tools/README.md
index 5376eec..af2b78f 100644
--- a/release-tools/README.md
+++ b/release-tools/README.md
@@ -276,7 +276,7 @@ or if you want to use the openssl-team key:
 
 Make the release tarball. You do this with:
 
-make dist
+make tar
 
 Create .sha1, .sha256 and .asc files manually. You can use:
 
diff --git a/release-tools/mkrelease.pl b/release-tools/mkrelease.pl
index 69e337f..48f18d7 100644
--- a/release-tools/mkrelease.pl
+++ b/release-tools/mkrelease.pl
@@ -257,7 +257,7 @@ if ( !$no_release ) {
 my $gpgann = $ENV{"OPENSSL_GPG_ANNOUNCE"}
   // "$gpg --use-agent -sta --clearsign";
 my $tarfile = "openssl-${expected_version}.tar.gz";
-system("(./config; make $TAR dist) >../$tarfile.log 2>&1");
+system("(./config; make $TAR tar) >../$tarfile.log 2>&1");
 die "Error generating release!" if $?;
 die "Can't find tarball!!" unless -f "../$tarfile";
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  1f45f077ae95e501865207cc9aba81a7c3791756 (commit)
  from  2a01977682aadf36adcc66dd7ac2bbe0cbc26d24 (commit)


- Log -
commit 1f45f077ae95e501865207cc9aba81a7c3791756
Author: Richard Levitte 
Date:   Tue Sep 4 21:18:58 2018 +0200

gitaddrev: don't lowercase the reviewers

If we lowercase them, the occasional registered mixed case ID will not
be recognised.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/28)

---

Summary of changes:
 review-tools/gitaddrev | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev
index cf041d4..18930b4 100755
--- a/review-tools/gitaddrev
+++ b/review-tools/gitaddrev
@@ -31,7 +31,7 @@ my @unknown_reviewers;
 my $skip_reviewer;
 my $omccount = 0;
 sub try_add_reviewer {
-my $id = lc(shift);
+my $id = shift;
 my $rc = undef;
 my $id2 = $id =~ /^\@(.*)$/ ? { github => $1 } : $id;
 my $rev = $query->find_person_tag($id2, 'rev');
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Matt Caswell]

The branch master has been updated
   via  2a01977682aadf36adcc66dd7ac2bbe0cbc26d24 (commit)
  from  4e85c274b47997105dad347852584d464e2cef02 (commit)


- Log -
commit 2a01977682aadf36adcc66dd7ac2bbe0cbc26d24
Author: Matt Caswell 
Date:   Thu Aug 16 10:47:14 2018 +0100

The "tls13downgrade" Configure option no longer exists

So, we need to remove checking of it from run-checker.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/27)

---

Summary of changes:
 run-checker/run-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index a04b68f..499fb02 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -31,7 +31,7 @@ no-err no-filenames
 no-aria no-asan no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng
 no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer
 no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ssl no-ssl-trace no-tests
-no-tls13downgrade no-ubsan no-ui-console no-unit-test no-weak-ssl-ciphers
+no-ubsan no-ui-console no-unit-test no-weak-ssl-ciphers
 no-zlib no-zlib-dynamic
 enable-fuzz-afl enable-fuzz-libfuzzer enable-heartbeats no-hw no-hw-padlock
 no-idea no-makedepend enable-md2 no-md4 no-mdc2 no-gost no-multiblock
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Matt Caswell]

The branch master has been updated
   via  4e85c274b47997105dad347852584d464e2cef02 (commit)
  from  cab68a3abe9fa4d8b8837b98540bb0d25ee4f55b (commit)


- Log -
commit 4e85c274b47997105dad347852584d464e2cef02
Author: Matt Caswell 
Date:   Mon Jul 23 09:44:03 2018 +0100

Don't test no-md5

no-md5 is not a valid option so we shouldn't be testing it

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/tools/pull/25)

---

Summary of changes:
 run-checker/run-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index ab8910e..a04b68f 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -34,7 +34,7 @@ no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ssl 
no-ssl-trace no-tests
 no-tls13downgrade no-ubsan no-ui-console no-unit-test no-weak-ssl-ciphers
 no-zlib no-zlib-dynamic
 enable-fuzz-afl enable-fuzz-libfuzzer enable-heartbeats no-hw no-hw-padlock
-no-idea no-makedepend enable-md2 no-md4 no-md5 no-mdc2 no-gost no-multiblock
+no-idea no-makedepend enable-md2 no-md4 no-mdc2 no-gost no-multiblock
 no-nextprotoneg no-ocb no-ocsp no-pic no-poly1305 no-posix-io no-psk no-rc2
 no-rc4 enable-rc5 no-rdrand no-rfc3779 no-ripemd no-rmd160 no-scrypt 
enable-sctp
 no-seed no-shared no-sock no-srp no-srtp no-sse2 enable-ssl-trace
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  cab68a3abe9fa4d8b8837b98540bb0d25ee4f55b (commit)
  from  1fb2c1d2155c25b18b00bc9cc6f1a9169d1b9460 (commit)


- Log -
commit cab68a3abe9fa4d8b8837b98540bb0d25ee4f55b
Author: Richard Levitte 
Date:   Mon Jul 16 11:53:48 2018 +0200

build-gost: CMAKE_MODULE_LINKER_FLAGS, not CMAKE_SHARED_LINKER_FLAGS

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/24)

---

Summary of changes:
 run-checker/build-gost.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/run-checker/build-gost.sh b/run-checker/build-gost.sh
index c9004c3..a6f3468 100755
--- a/run-checker/build-gost.sh
+++ b/run-checker/build-gost.sh
@@ -35,7 +35,7 @@ OPENSSL_PREFIX=$(pwd)/openssl/_install
 ) && (
 cd gost-engine
 cmake -DOPENSSL_ROOT_DIR=$OPENSSL_PREFIX \
-  -DCMAKE_SHARED_LINKER_FLAGS='-Wl,--enable-new-dtags' \
+  -DCMAKE_MODULE_LINKER_FLAGS='-Wl,--enable-new-dtags' \
   .
 make
 )
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  1fb2c1d2155c25b18b00bc9cc6f1a9169d1b9460 (commit)
  from  45ea2185ce1a2f39c6fb72abd076dbb191b0d016 (commit)


- Log -
commit 1fb2c1d2155c25b18b00bc9cc6f1a9169d1b9460
Author: Richard Levitte 
Date:   Mon Jul 16 11:33:18 2018 +0200

build-gost: ensure gost.so is built with RUNPATH, not RPATH

This allows us to point to whatever libcrypto we want.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/23)

---

Summary of changes:
 run-checker/build-gost.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/run-checker/build-gost.sh b/run-checker/build-gost.sh
index f3d205f..c9004c3 100755
--- a/run-checker/build-gost.sh
+++ b/run-checker/build-gost.sh
@@ -34,6 +34,8 @@ OPENSSL_PREFIX=$(pwd)/openssl/_install
&& make install_dev
 ) && (
 cd gost-engine
-cmake -DOPENSSL_ROOT_DIR=$OPENSSL_PREFIX .
+cmake -DOPENSSL_ROOT_DIR=$OPENSSL_PREFIX \
+  -DCMAKE_SHARED_LINKER_FLAGS='-Wl,--enable-new-dtags' \
+  .
 make
 )
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  45ea2185ce1a2f39c6fb72abd076dbb191b0d016 (commit)
  from  5f62625fdbc9dba7d402ea9d5ee91f5b8280df50 (commit)


- Log -
commit 45ea2185ce1a2f39c6fb72abd076dbb191b0d016
Author: Richard Levitte 
Date:   Sat Jul 14 11:47:17 2018 +0200

run-checker: Add script to build gost.so

It gets built against a 1.1.0 build, on purpose to check that it links
and runs correctly against any libcrypto.so.1.1.

Fixes #21

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/22)

---

Summary of changes:
 run-checker/build-gost.sh | 39 +++
 1 file changed, 39 insertions(+)
 create mode 100755 run-checker/build-gost.sh

diff --git a/run-checker/build-gost.sh b/run-checker/build-gost.sh
new file mode 100755
index 000..f3d205f
--- /dev/null
+++ b/run-checker/build-gost.sh
@@ -0,0 +1,39 @@
+#! /bin/bash
+#
+# Run in a directory for a gost engine build.
+# Two subdirectories will be created:
+#
+#gost-engine   a checkout of https://github.com/gost-engine/engine.git
+#openssl   a checkout of https://github.com/openssl/openssl.git
+#
+# Required ubuntu packages to run this script:
+#
+#build-essential
+#cmake
+#perl
+#git
+
+if [ -d openssl ]; then
+(cd openssl; git pull --rebase)
+else
+git clone -b OpenSSL_1_1_0-stable --depth 1 --single-branch \
+   https://github.com/openssl/openssl.git openssl
+fi
+
+if [ -d gost-engine ]; then
+(cd gost-engine; git pull --rebase)
+else
+git clone https://github.com/gost-engine/engine.git gost-engine
+fi
+
+OPENSSL_PREFIX=$(pwd)/openssl/_install
+(
+cd openssl
+./config --prefix=$OPENSSL_PREFIX \
+   && make -j8 build_libs \
+   && make install_dev
+) && (
+cd gost-engine
+cmake -DOPENSSL_ROOT_DIR=$OPENSSL_PREFIX .
+make
+)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  5f62625fdbc9dba7d402ea9d5ee91f5b8280df50 (commit)
  from  805106fc21b3bb4337c68f736fe43518344862a8 (commit)


- Log -
commit 5f62625fdbc9dba7d402ea9d5ee91f5b8280df50
Author: Pauli 
Date:   Thu Jul 12 12:22:20 2018 -0400

Export CC variable

The default for CC wasn't exporting the environment variable.  Likewise,
the variable wasn't used.  Hence it didn't take effect.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/20)

---

Summary of changes:
 review-tools/opensslbuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/review-tools/opensslbuild b/review-tools/opensslbuild
index 404a04e..e9abfb3 100755
--- a/review-tools/opensslbuild
+++ b/review-tools/opensslbuild
@@ -21,7 +21,7 @@ test "$1" = "-x" && {
 }
 
 # Set compiler
-test "$CC" = "" && CC="ccache clang-3.6"
+test "$CC" = "" && export CC="ccache clang-3.6"
 
 # Set basic config arguments
 CONFIGARGS="-d --strict-warnings --prefix=/usr/local/openssl"
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  805106fc21b3bb4337c68f736fe43518344862a8 (commit)
  from  3660c7ff2c23ae4d89e463f0abd5a359b6172775 (commit)


- Log -
commit 805106fc21b3bb4337c68f736fe43518344862a8
Author: Rich Salz 
Date:   Mon May 21 08:50:06 2018 -0400

Better flag parsing; build by default

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/tools/pull/15)

---

Summary of changes:
 review-tools/ghmerge | 69 
 1 file changed, 42 insertions(+), 27 deletions(-)

diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index 7f00b7c..1fb70c8 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -12,36 +12,49 @@ if [ ! -d .git ] ; then
 exit 1
 fi
 
-if [ "$1" = "--tools" ] ; then
-WHAT=tools ; MERGE=yes ; BUILD=no ; shift
-fi
-if [ "$1" = "--web" ] ; then
-WHAT=web ; MERGE=yes ; BUILD=no ; shift
-fi
-if [ "$1" == "--trivial" ] ; then
-TRIVIAL="--trivial" ; shift
-fi
-if [ "$1" == "--merge" -o "$1" == "--squash" ] ; then
-MERGE=yes ; shift
-fi
-if [ "$1" == "--nomerge" -o "$1" == "--nosquash" ] ; then
-MERGE=no ; shift
-fi
+# Parse JCL.
+while true ; do
+case "$1" in
+--tools)
+WHAT=tools ; MERGE=yes ; BUILD=no ; shift
+;;
+--web)
+WHAT=web ; MERGE=yes ; BUILD=no ; shift
+;;
+--trivial)
+TRIVIAL="--trivial" ; shift
+;;
+--merge | --squash)
+MERGE=yes ; shift
+;;
+--nomerge | --nosquash)
+MERGE=no ; shift
+;;
+--nobuild)
+BUILD=no ; shift
+;;
+--)
+shift
+break
+;;
+-*)
+echo "$0: Unknown flag $1"
+exit 1
+;;
+*)
+break
+;;
+esac
+done
 
 if [ $# -lt 2 ] ; then
-echo Usage: `basename $0` '[--trivial] [--merge] prnum reviewer...'
+echo "Usage: $0 [flags] prnum reviewer..."
 exit 1
 fi
 PRNUM=$1 ; shift
-case "$PRNUM" in
--*)
-echo Usage: `basename $0` '[--trivial] [--[no]merge] prnum reviewer...'
-exit 1
-;;
-esac
+TEAM=$*
 
 curl -s https://api.github.com/repos/openssl/$WHAT/pulls/$PRNUM >/tmp/gh$$
-TEAM=$*
 set -- `python -c '
 from __future__ import print_function
 import json, sys;
@@ -69,13 +82,13 @@ function cleanup {
 }
 trap 'cleanup' EXIT
 
-
 git pull --rebase https://github.com/$WHO/$WHAT.git $BRANCH
 git rebase $REL
+
 echo Diff against $REL
 git diff $REL
 
-echo -n Press return to merge to $REL and build: ; read foo
+echo -n Press return to merge to $REL: ; read foo
 addrev $TRIVIAL --prnum=$PRNUM $TEAM ${REL}..
 git checkout $REL
 if [ "$MERGE" == "yes" ] ; then
@@ -86,8 +99,10 @@ else
 git rebase $WORK
 fi
 
-# echo Rebuilding
-# opensslbuild |& tail -3
+if [ "$BUILD" == "yes" ] ; then
+echo Rebuilding
+( opensslbuild 2>&1 ) | tail -3
+fi
 
 while true ; do
 echo -n "Enter YES to push or NO to abort: "
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Matt Caswell]

The branch master has been updated
   via  3660c7ff2c23ae4d89e463f0abd5a359b6172775 (commit)
  from  897f0887b4fecf22e522c248800b158c2e6a7422 (commit)


- Log -
commit 3660c7ff2c23ae4d89e463f0abd5a359b6172775
Author: Matt Caswell 
Date:   Tue Jun 19 21:43:07 2018 +0100

Test no-sm2, no-sm3, no-sm4

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/tools/pull/19)

---

Summary of changes:
 run-checker/run-checker.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index 843cccb..ab8910e 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -42,7 +42,8 @@ no-static-engine no-stdio no-threads no-ts enable-ubsan no-ui
 enable-unit-test no-whirlpool enable-weak-ssl-ciphers enable-zlib
 enable-zlib-dynamic 386 no-dtls no-tls no-ssl3 no-tls1 no-tls1_1 no-tls1_2
 no-dtls1 no-dtls1_2 no-ssl3-method no-tls1-method no-tls1_1-method
-no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 )
+no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 no-sm2
+no-sm3 no-sm4 )
 
 run-hook () {
 local hookname=$1; shift
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  ddda55afb15458bc21187ef80397134193a8982e (commit)
  from  845c25d8db7fc784cbf92a523300376a8d69b2a1 (commit)


- Log -
commit ddda55afb15458bc21187ef80397134193a8982e
Author: Rich Salz 
Date:   Wed May 23 11:44:44 2018 -0400

Add --web and --tools to support other repo's.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/tools/pull/1t)

---

Summary of changes:
 review-tools/addrev| 4 
 review-tools/gitaddrev | 9 +++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/review-tools/addrev b/review-tools/addrev
index 0bd28a5..ce770f3 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -22,6 +22,10 @@ foreach (@ARGV) {
 $args .= "--rmreviewers ";
 } elsif (/^--trivial$/) {
 $args .= "--trivial ";
+} elsif (/^--web$/) {
+$args .= "--web ";
+} elsif (/^--tools$/) {
+$args .= "--tools ";
 } elsif (/^--verbose$/) {
 $args .= "--verbose ";
 } elsif (/^--noself$/) {
diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev
index 2beb48a..cf041d4 100755
--- a/review-tools/gitaddrev
+++ b/review-tools/gitaddrev
@@ -21,6 +21,7 @@ my $num = 0;
 my $refuse = 0;
 my $prnum = 0;
 my $verbose = 0;
+my $WHAT = 'openssl';
 
 my $query = OpenSSL::Query->new();
 
@@ -99,6 +100,10 @@ foreach (@ARGV) {
try_add_reviewer($1);
 } elsif (/^--verbose$/) {
$verbose = 1;
+} elsif (/^--web$/) {
+$WHAT = 'web';
+} elsif (/--tools$/) {
+$WHAT = 'tools'
 }
 }
 
@@ -189,7 +194,7 @@ my $last_is_rev = 0;
 foreach (@commit_message) {
 # Start each line with assuming it's not a reviewed-by line
 $last_is_rev = 0;
-if (/^\(Merged from https:\/\/github\.com\/openssl\/openssl\/pull\//) {
+if (/^\(Merged from https:\/\/github\.com\/openssl\/$WHAT\/pull\//) {
 next if $rmrev == 1;
 $last_is_rev = 1;
 next;  # Because we're rewriting it below
@@ -211,5 +216,5 @@ if ($rmrev == 0) {
 }
 }
 
-print "(Merged from https://github.com/openssl/openssl/pull/$prnum)\n"
+print "(Merged from https://github.com/openssl/$WHAT/pull/$prnum)\n"
 if $prnum;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  a3215cfa675b64baaa570f374c55f098479b0df6 (commit)
  from  f37c4f5e3a9ef27283a395ffd0975e78067121ea (commit)


- Log -
commit a3215cfa675b64baaa570f374c55f098479b0df6
Author: Rich Salz 
Date:   Sun May 20 21:00:32 2018 -0400

Add --web flag for web repo

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/tools/pull/13)

---

Summary of changes:
 review-tools/ghmerge | 14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index b1aebb9..ea6b0ec 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -2,16 +2,22 @@
 
 set -o errexit
 
+WHAT=openssl
+BUILD=yes
+TRIVIAL=""
+MERGE="yes"
+
 if [ ! -d .git ] ; then
 echo Not at top-level
 exit 1
 fi
 
-TRIVIAL=""
+if [ "$1" = "--web" ] ; then
+WHAT=web ; MERGE=yes ; BUILD=no ; shift
+fi
 if [ "$1" == "--trivial" ] ; then
 TRIVIAL="--trivial" ; shift
 fi
-MERGE="yes"
 if [ "$1" == "--merge" -o "$1" == "--squash" ] ; then
 MERGE=yes ; shift
 fi
@@ -31,7 +37,7 @@ case "$PRNUM" in
 ;;
 esac
 
-curl -s https://api.github.com/repos/openssl/openssl/pulls/$PRNUM >/tmp/gh$$
+curl -s https://api.github.com/repos/openssl/$WHAT/pulls/$PRNUM >/tmp/gh$$
 TEAM=$*
 set -- `python -c '
 from __future__ import print_function
@@ -61,7 +67,7 @@ function cleanup {
 trap 'cleanup' EXIT
 
 
-git pull --rebase https://github.com/$WHO/openssl.git $BRANCH
+git pull --rebase https://github.com/$WHO/$WHAT.git $BRANCH
 git rebase $REL
 echo Diff against $REL
 git diff $REL
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  c0ba851e324ad25cf4734ea93b22e315a51e5106 (commit)
  from  a3215cfa675b64baaa570f374c55f098479b0df6 (commit)


- Log -
commit c0ba851e324ad25cf4734ea93b22e315a51e5106
Author: Rich Salz 
Date:   Mon May 21 08:13:07 2018 -0400

Add --tools flag

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/tools/pull/14)

---

Summary of changes:
 review-tools/ghmerge | 4 
 1 file changed, 4 insertions(+)

diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index ea6b0ec..7f00b7c 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -12,6 +12,9 @@ if [ ! -d .git ] ; then
 exit 1
 fi
 
+if [ "$1" = "--tools" ] ; then
+WHAT=tools ; MERGE=yes ; BUILD=no ; shift
+fi
 if [ "$1" = "--web" ] ; then
 WHAT=web ; MERGE=yes ; BUILD=no ; shift
 fi
@@ -82,6 +85,7 @@ if [ "$MERGE" == "yes" ] ; then
 else
 git rebase $WORK
 fi
+
 # echo Rebuilding
 # opensslbuild |& tail -3
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  f37c4f5e3a9ef27283a395ffd0975e78067121ea (commit)
  from  232417f8a0c556b5325d14ebc7630b776b2f1dfd (commit)


- Log -
commit f37c4f5e3a9ef27283a395ffd0975e78067121ea
Author: Richard Levitte 
Date:   Mon May 7 09:53:44 2018 +0200

QueryApp: keep the bureau parameter key for backward compatibility

---

Summary of changes:
 QueryApp/lib/OpenSSL/Query/Role/OMC.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/QueryApp/lib/OpenSSL/Query/Role/OMC.pm 
b/QueryApp/lib/OpenSSL/Query/Role/OMC.pm
index 9410084..6cce602 100644
--- a/QueryApp/lib/OpenSSL/Query/Role/OMC.pm
+++ b/QueryApp/lib/OpenSSL/Query/Role/OMC.pm
@@ -17,13 +17,14 @@ use File::Spec::Functions;
 use Moo::Role;
 
 has omc => ( is => 'ro' );
+has bureau => ( is => 'ro' );  # Backward compat, omc takes precedense
 
 sub _find_file {
   my $self = shift;
   my $filename = shift;
   my $envvar = shift;
 
-  my $omc = $ENV{OMC} // $ENV{BUREAU} // $self->omc;
+  my $omc = $ENV{OMC} // $self->omc // $ENV{BUREAU} // $self->bureau;
   my @paths = ( $ENV{$envvar} // (),
$omc ? catfile($omc, $filename) : (),
catfile('.', $filename) );
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  232417f8a0c556b5325d14ebc7630b776b2f1dfd (commit)
   via  73ef6aa692b56c1602abcb4fd090077cb7234d95 (commit)
  from  ba63b292f904eca32e6c707575af3bee1a238172 (commit)


- Log -
commit 232417f8a0c556b5325d14ebc7630b776b2f1dfd
Author: Richard Levitte 
Date:   Mon May 7 09:39:37 2018 +0200

release-tools, review-tools: bureau => omc rename

commit 73ef6aa692b56c1602abcb4fd090077cb7234d95
Author: Richard Levitte 
Date:   Mon May 7 09:38:52 2018 +0200

clacheck: bureau => omc rename

---

Summary of changes:
 clacheck/clacheck.py| 2 +-
 release-tools/README.md | 2 +-
 review-tools/README | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/clacheck/clacheck.py b/clacheck/clacheck.py
index f63d9b2..afa09f0 100755
--- a/clacheck/clacheck.py
+++ b/clacheck/clacheck.py
@@ -18,7 +18,7 @@ Trivial = re.compile("^\s*CLA\s*:\s*TRIVIAL", re.IGNORECASE)
 URLpattern = re.compile("https?://([^/]*)/(.*)")
 SUCCESS = 'success'
 FAILURE = 'failure'
-CLAFILE = "/var/cache/openssl/checkouts/bureau/cladb.txt" #
+CLAFILE = "/var/cache/openssl/checkouts/omc/cladb.txt" #
 
 null_actions = (
 'assigned', 'unassigned', 'labeled', 'unlabeled', 'closed',
diff --git a/release-tools/README.md b/release-tools/README.md
index c10cb75..5376eec 100644
--- a/release-tools/README.md
+++ b/release-tools/README.md
@@ -221,7 +221,7 @@ Unfreeze the repository.
 ssh openssl-...@git.openssl.org unfreeze openssl
 
 If this release includes security fixes with a CVE then you should inform
-MITRE about them. See the instructions at the top of cvepool.txt in bureau.
+MITRE about them. See the instructions at the top of cvepool.txt in omc.
 
 Check mailing lists over the next few hours for reports of any success
 or failure. If necessary fix these and in the worst case make another
diff --git a/review-tools/README b/review-tools/README
index e601cc6..83f7802 100644
--- a/review-tools/README
+++ b/review-tools/README
@@ -13,7 +13,7 @@ Environment
 
 Some of the scripts use the information REST API on https://api.openssl.org.
 If you have direct access to the databases and want to use that instead, set
-the environment variable BUREAU to the directory where they are located.
+the environment variable OMC to the directory where they are located.
 
 The scripts
 ===
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  ba63b292f904eca32e6c707575af3bee1a238172 (commit)
  from  6c9eac0cab97aa1e4d98721ef3e68452f1839c5e (commit)


- Log -
commit ba63b292f904eca32e6c707575af3bee1a238172
Author: Richard Levitte 
Date:   Mon May 7 09:31:51 2018 +0200

QueryApp: rename bureau => omc, bump version

---

Summary of changes:
 QueryApp/MANIFEST |  2 +-
 QueryApp/Makefile.PL  |  2 +-
 QueryApp/bin/query.psgi   | 18 +-
 QueryApp/lib/OpenSSL/Query/ClaDB.pm   |  2 +-
 QueryApp/lib/OpenSSL/Query/PersonDB.pm|  2 +-
 QueryApp/lib/OpenSSL/Query/Role/{Bureau.pm => OMC.pm} |  8 
 6 files changed, 17 insertions(+), 17 deletions(-)
 rename QueryApp/lib/OpenSSL/Query/Role/{Bureau.pm => OMC.pm} (81%)

diff --git a/QueryApp/MANIFEST b/QueryApp/MANIFEST
index 99f1b16..d9f0654 100644
--- a/QueryApp/MANIFEST
+++ b/QueryApp/MANIFEST
@@ -1,7 +1,7 @@
 bin/query.psgi
 lib/OpenSSL/Query/ClaDB.pm
 lib/OpenSSL/Query/DB.pm
-lib/OpenSSL/Query/Role/Bureau.pm
+lib/OpenSSL/Query/Role/OMC.pm
 lib/OpenSSL/Query/PersonDB.pm
 Makefile.PL
 MANIFEST
diff --git a/QueryApp/Makefile.PL b/QueryApp/Makefile.PL
index bb1dac9..56d57ca 100644
--- a/QueryApp/Makefile.PL
+++ b/QueryApp/Makefile.PL
@@ -4,7 +4,7 @@ use warnings;
 use inc::Module::Install;
 
 name 'QueryApp';
-version  '1.2';
+version  '2.0';
 abstract 'An OpenSSL query web app';
 author   q{Richard Levitte };
 license  'apache';
diff --git a/QueryApp/bin/query.psgi b/QueryApp/bin/query.psgi
index ec9a994..523fb8f 100644
--- a/QueryApp/bin/query.psgi
+++ b/QueryApp/bin/query.psgi
@@ -55,7 +55,7 @@ use OpenSSL::Query::DB;
 use URI::Encode qw(uri_decode);
 
 set serializer => 'JSON';
-set bureau => '/var/cache/openssl/checkouts/bureau';
+set omc => '/var/cache/openssl/checkouts/omc';
 
 # Version 0 API.
 # Feel free to add new routes, but never to change them or remove them,
@@ -73,7 +73,7 @@ sub name_decode {
 }
 
 get '/People' => sub {
-  my $query = OpenSSL::Query->new(bureau => config->{bureau});
+  my $query = OpenSSL::Query->new(omc => config->{omc});
   my @response = $query->list_people();
 
   return [ @response ] if @response;
@@ -81,7 +81,7 @@ get '/People' => sub {
 };
 
 get '/Person/:name' => sub {
-  my $query = OpenSSL::Query->new(bureau => config->{bureau});
+  my $query = OpenSSL::Query->new(omc => config->{omc});
   my $name = name_decode(uri_decode(param('name')));
   my %response = $query->find_person($name);
 
@@ -90,7 +90,7 @@ get '/Person/:name' => sub {
 };
 
 get '/Person/:name/Membership' => sub {
-  my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0);
+  my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0);
   my $name = name_decode(uri_decode(param('name')));
   my %response = $query->find_person($name);
 
@@ -99,7 +99,7 @@ get '/Person/:name/Membership' => sub {
 };
 
 get '/Person/:name/IsMemberOf/:group' => sub {
-  my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0);
+  my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0);
   my $name = name_decode(uri_decode(param('name')));
   my $group = uri_decode(param('group'));
   my $response = $query->is_member_of($name, $group);
@@ -109,7 +109,7 @@ get '/Person/:name/IsMemberOf/:group' => sub {
 };
 
 get '/Person/:name/ValueOfTag/:tag' => sub {
-  my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0);
+  my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0);
   my $name = name_decode(uri_decode(param('name')));
   my $tag = uri_decode(param('tag'));
   my $response = $query->find_person_tag($name, $tag);
@@ -119,7 +119,7 @@ get '/Person/:name/ValueOfTag/:tag' => sub {
 };
 
 get '/Person/:name/HasCLA' => sub {
-  my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0);
+  my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0);
   my $name = name_decode(uri_decode(param('name')));
   my %person = $query->find_person($name);
   my @response = ();
@@ -134,7 +134,7 @@ get '/Person/:name/HasCLA' => sub {
 };
 
 get '/Group/:group/Members' => sub {
-  my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0);
+  my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0);
   my $group = uri_decode(param('group'));
   my @response = $query->members_of($group);
 
@@ -143,7 +143,7 @@ get '/Group/:group/Members' => sub {
 };
 
 get '/HasCLA/:id' => sub {
-  my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0);
+  my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0);
   my $id = uri_decode(param('id'));
   if ($id =~ m|^\S+\@\S+$|) {
 my $response = $query->has_cla($id);
diff --git 

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  6c9eac0cab97aa1e4d98721ef3e68452f1839c5e (commit)
  from  fbf4b00f0993c7922ceb639f281a501169464f75 (commit)


- Log -
commit 6c9eac0cab97aa1e4d98721ef3e68452f1839c5e
Author: Richard Levitte 
Date:   Tue Apr 3 15:21:41 2018 +0200

release-tools/release-check.pl: handle versions like "1.1.1-pre4-dev" too

---

Summary of changes:
 release-tools/release-check.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/release-tools/release-check.pl b/release-tools/release-check.pl
index 2eac1e3..fe16e42 100644
--- a/release-tools/release-check.pl
+++ b/release-tools/release-check.pl
@@ -112,7 +112,7 @@ sub openssl_check_version_h {
 check_str( "opensslv.h: HEX version", $hexversion, $1, \$ok );
 $hex_done = 1;
 } elsif (/OPENSSL_VERSION_TEXT\s+\"OpenSSL\s
- ([^-\s]+(?!-fips)(?:-[^-\s]*)?)   # version without -fips
+ ([^-\s]+(?!-fips)(?:-[^-\s]*)*)   # version without -fips
  \s+
  (\([[:alpha:]]+\)\s+)?# Possible lable
  (.*)\"# The rest (date)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Matt Caswell]

The branch master has been updated
   via  fbf4b00f0993c7922ceb639f281a501169464f75 (commit)
  from  3c38191688d11d556dee96ddf3c9edf87491d52b (commit)


- Log -
commit fbf4b00f0993c7922ceb639f281a501169464f75
Author: Matt Caswell 
Date:   Wed Mar 28 10:39:04 2018 +0100

Add a reminder to include a link to the advisory in newflash.txt

---

Summary of changes:
 release-tools/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/release-tools/README.md b/release-tools/README.md
index 93888cf..c10cb75 100644
--- a/release-tools/README.md
+++ b/release-tools/README.md
@@ -94,7 +94,8 @@ The changes in this section should be made in your copy of 
the web repo.
 
 Update the news/newsflash.txt file. This normally is one or two lines. Just
 copy and paste existing announcements making minor changes for the date and
-version number as necessary.
+version number as necessary. If there is an advisory then ensure you include a
+link to it.
 
 Update the news/vulnerabilities.xml file if appropriate.
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Matt Caswell]

The branch master has been updated
   via  3c38191688d11d556dee96ddf3c9edf87491d52b (commit)
  from  d54658dd5fd7d7de0f967055b8933f1a5eb2c88e (commit)


- Log -
commit 3c38191688d11d556dee96ddf3c9edf87491d52b
Author: Matt Caswell 
Date:   Tue Mar 27 15:54:17 2018 +0100

Correct the notes for doing a release

---

Summary of changes:
 release-tools/README.md | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/release-tools/README.md b/release-tools/README.md
index acdceb3..93888cf 100644
--- a/release-tools/README.md
+++ b/release-tools/README.md
@@ -54,6 +54,9 @@ the directory where this README is):
 
 $HERE/do-copyright-year
 
+Obtain approval for these commits from the reviewer and add the reviewed-by
+headers as required.
+
 Perform the local automated release steps. This can normally be done with:
 
 perl $HERE/mkrelease.pl --reviewer=NAME
@@ -199,7 +202,7 @@ openssl user home directory, and then do the following
 
 sudo -u openssl gpg -u 8B3D79F5 --clearsign secadv_FILENAME
 sudo -u openssl mutt -s "OpenSSL Security Advisory" \
-openssl-project openssl-users openssl-announce
+openssl-project openssl-users openssl-announce \
 <~openssl/secadv_FILENAME.txt.asc
 
 Approve the openssl-announce email.  Go to
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  d54658dd5fd7d7de0f967055b8933f1a5eb2c88e (commit)
  from  9b9a6e181f1e52b5b9eaef975c31885324db4ece (commit)


- Log -
commit d54658dd5fd7d7de0f967055b8933f1a5eb2c88e
Author: Richard Levitte 
Date:   Tue Mar 27 15:18:00 2018 +0200

release-tools: More precise extraction of version number, avoiding fips 
version

---

Summary of changes:
 release-tools/release-check.pl | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/release-tools/release-check.pl b/release-tools/release-check.pl
index 42fbbfc..2eac1e3 100644
--- a/release-tools/release-check.pl
+++ b/release-tools/release-check.pl
@@ -111,8 +111,12 @@ sub openssl_check_version_h {
 if (/OPENSSL_VERSION_NUMBER\s+(0x[0-9a-f]+)L/) {
 check_str( "opensslv.h: HEX version", $hexversion, $1, \$ok );
 $hex_done = 1;
-} elsif (
-/OPENSSL_VERSION_TEXT\s+\"OpenSSL 
([^-\s]+(?:-[^-\s]*)?)\s+(\([[:alpha:]]+\)\s+)?(.*)\"/
+} elsif (/OPENSSL_VERSION_TEXT\s+\"OpenSSL\s
+ ([^-\s]+(?!-fips)(?:-[^-\s]*)?)   # version without -fips
+ \s+
+ (\([[:alpha:]]+\)\s+)?# Possible lable
+ (.*)\"# The rest (date)
+/x
   )
 {
 check_str( "opensslv.h: version", $version, $1, \$ok );
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  9b9a6e181f1e52b5b9eaef975c31885324db4ece (commit)
  from  ab0c22d2655c626cbc93835d9f3042be28efa64c (commit)


- Log -
commit 9b9a6e181f1e52b5b9eaef975c31885324db4ece
Author: Richard Levitte 
Date:   Tue Mar 27 15:18:00 2018 +0200

release-tools: More precise extraction of version number, avoiding fips 
version

---

Summary of changes:
 release-tools/release-check.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/release-tools/release-check.pl b/release-tools/release-check.pl
index cac5918..42fbbfc 100644
--- a/release-tools/release-check.pl
+++ b/release-tools/release-check.pl
@@ -112,7 +112,7 @@ sub openssl_check_version_h {
 check_str( "opensslv.h: HEX version", $hexversion, $1, \$ok );
 $hex_done = 1;
 } elsif (
-/OPENSSL_VERSION_TEXT\s+\"OpenSSL (\S*)\s+(\([[:alpha:]]+\)\s+)?(.*)\"/
+/OPENSSL_VERSION_TEXT\s+\"OpenSSL 
([^-\s]+(?:-[^-\s]*)?)\s+(\([[:alpha:]]+\)\s+)?(.*)\"/
   )
 {
 check_str( "opensslv.h: version", $version, $1, \$ok );
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  ab0c22d2655c626cbc93835d9f3042be28efa64c (commit)
  from  38108eb94667a35f449685fc34832b1255311b13 (commit)


- Log -
commit ab0c22d2655c626cbc93835d9f3042be28efa64c
Author: Rich Salz 
Date:   Mon Mar 26 15:16:51 2018 -0400

Ignore CHANGES changes

---

Summary of changes:
 license/add-lastchance | 1 +
 license/get-summary| 1 +
 2 files changed, 2 insertions(+)

diff --git a/license/add-lastchance b/license/add-lastchance
index 5a21f03..e763b6e 100755
--- a/license/add-lastchance
+++ b/license/add-lastchance
@@ -72,6 +72,7 @@ while ( <> ) {
 open my $F, "git diff --numstat $pattern|"
|| die "Can't open git diff, $!\n";
 while ( <$F> ) {
+   next if /CHANGES/;
$files++;
next unless /(\d+)\s+(\d+)\s+(.*)/;
$adds += int($1);
diff --git a/license/get-summary b/license/get-summary
index 46e0efd..3e0089c 100755
--- a/license/get-summary
+++ b/license/get-summary
@@ -26,6 +26,7 @@ while ( <$FH> ) {
 open my $F, "git diff --numstat $pattern|"
|| die "Can't open git diff, $!\n";
 while ( <$F> ) {
+   next if /CHANGES/;
$files++;
next unless /(\d+)\s+(\d+)\s+(.*)/;
$adds += int($1);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  38108eb94667a35f449685fc34832b1255311b13 (commit)
  from  c24b4571fda7c7bfa526f91494d61f7bc94c4807 (commit)


- Log -
commit 38108eb94667a35f449685fc34832b1255311b13
Author: Rich Salz 
Date:   Mon Mar 26 14:32:54 2018 -0400

Add -m flag

---

Summary of changes:
 license/rmcommit | 41 ++---
 1 file changed, 30 insertions(+), 11 deletions(-)

diff --git a/license/rmcommit b/license/rmcommit
index f128c47..02bc769 100755
--- a/license/rmcommit
+++ b/license/rmcommit
@@ -1,9 +1,14 @@
 #! /usr/bin/env python
-"""Remove commits from a user.
+"""Remove commits from the log.
+
+Flags:
+-m X Just the specified commits from the user X
+
+Arguments is a list of commit prefixes.
 """
 
 import mysql.connector, os, re, subprocess, sys
-import string, random
+import getopt, string, random
 dbconfig = {
 'user': 'license',
 'password': open('rwpass.txt').read().strip(),
@@ -12,22 +17,36 @@ dbconfig = {
 conn = mysql.connector.connect(**dbconfig)
 cursor = conn.cursor()
 
-# Get email identifier
-cursor.execute('SELECT uid FROM users WHERE email = %s', (sys.argv[1],))
 email = None
-for c in cursor:
-email = c[0]
-if not email:
-print sys.argv[1], "not found"
+try:
+opts, args = getopt.getopt(sys.argv[1:], "hm:")
+except:
+print __doc__
 raise SystemExit
+for o,a in opts:
+if o == '-h':
+print __doc__
+raise SystemExit
+elif o == '-m':
+cursor.execute('SELECT uid FROM users WHERE email = %s', (a,))
+for c in cursor:
+email = c[0]
+if not email:
+print a, "not found"
+raise SystemExit
 
-for cids in sys.argv[2:]:
+for cids in args:
 pat = cids + '%'
 cursor.execute('SELECT cid FROM commits WHERE commit LIKE %s', (pat,))
 cid = None
 for c in cursor:
 cid = c[0]
 if cid:
-cursor.execute('DELETE FROM log WHERE uid=%s AND cid LIKE %s',
-(email, cid))
+if email:
+cursor.execute('DELETE FROM log WHERE uid=%s AND cid=%s',
+(email, cid))
+else:
+cursor.execute('DELETE FROM log WHERE cid=%s', (cid,))
 conn.commit()
+else:
+print "Commit", cids, "not found"
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Matt Caswell]

The branch master has been updated
   via  c24b4571fda7c7bfa526f91494d61f7bc94c4807 (commit)
  from  c4cba40bbb70057a10b858829a8d2c3289cb356d (commit)


- Log -
commit c24b4571fda7c7bfa526f91494d61f7bc94c4807
Author: Matt Caswell 
Date:   Tue Mar 20 14:28:56 2018 +

Tweak the release instructions

---

Summary of changes:
 release-tools/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/release-tools/README.md b/release-tools/README.md
index 7b3767e..acdceb3 100644
--- a/release-tools/README.md
+++ b/release-tools/README.md
@@ -170,12 +170,13 @@ Check the download page has updated properly:
 
 Check the notes look sensible at:
 
-https://www.openssl.org/news/news.html
+https://www.openssl.org/news/newslog.html
 
 Also check the notes here:
 
 https://www.openssl.org/news/openssl-1.0.2-notes.html
 https://www.openssl.org/news/openssl-1.1.0-notes.html
+https://www.openssl.org/news/openssl-1.1.1-notes.html
 
 ## Send the announcement mail
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  c4cba40bbb70057a10b858829a8d2c3289cb356d (commit)
  from  dd672a5f06f5ca4e516170902f1876b249445351 (commit)


- Log -
commit c4cba40bbb70057a10b858829a8d2c3289cb356d
Author: Rich Salz 
Date:   Mon Mar 19 13:44:32 2018 -0400

Add net changes

---

Summary of changes:
 license/get-summary | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/license/get-summary b/license/get-summary
index b88627f..46e0efd 100755
--- a/license/get-summary
+++ b/license/get-summary
@@ -18,13 +18,10 @@ while ( <$FH> ) {
 }
 next unless /([0-da-f]{8}) .*/;
 my $cid = $1;
-# Skip a big import
-next if $cid eq 'd02b48c6';
 my $pattern = "$cid^..$cid";
 my $files = 0;
 my $adds = 0;
 my $dels = 0;
-my $name = '';
 $total++;
 open my $F, "git diff --numstat $pattern|"
|| die "Can't open git diff, $!\n";
@@ -33,17 +30,18 @@ while ( <$FH> ) {
next unless /(\d+)\s+(\d+)\s+(.*)/;
$adds += int($1);
$dels += int($2);
-   $name = $3 if $name eq '';
 }
 $tot_files += $files;
 $tot_adds += $adds;
 $tot_dels += $dels;
 close $F || die "Can't close git diff, $!\n";
 }
+close $FH || die "Can't close, $!,";
+
 printf "Authors  : %4d\n", $authors;
 printf "Commits  : %4d\n", $total;
 printf "Files: %4d (%.2f average)\n", $tot_files, $tot_files / $total;
 printf "Added lines  : %4d (%.2f average)\n", $tot_adds, $tot_adds / $total;
 printf "Deleted lines: %4d (%.2f average)\n", $tot_dels, $tot_dels / $total;
-
-close $FH || die "Can't close, $!,";
+my $tot = $tot_adds - $tot_dels;
+printf "Net change   : %4d (%.2f average)\n", $tot, $tot / $total;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  dd672a5f06f5ca4e516170902f1876b249445351 (commit)
  from  78f6c4c25ac5a0264903aefa00dfd5ab71da9fff (commit)


- Log -
commit dd672a5f06f5ca4e516170902f1876b249445351
Author: Rich Salz 
Date:   Tue Mar 6 14:34:26 2018 -0500

Formatting

---

Summary of changes:
 license/get-summary | 14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/license/get-summary b/license/get-summary
index b1b51df..b88627f 100755
--- a/license/get-summary
+++ b/license/get-summary
@@ -10,7 +10,12 @@ my $total = 0;
 my $tot_adds = 0;
 my $tot_files = 0;
 my $tot_dels = 0;
+my $authors = 0;
 while ( <$FH> ) {
+if ( /https:/ ) {
+   $authors++;
+   next;
+}
 next unless /([0-da-f]{8}) .*/;
 my $cid = $1;
 # Skip a big import
@@ -35,9 +40,10 @@ while ( <$FH> ) {
 $tot_dels += $dels;
 close $F || die "Can't close git diff, $!\n";
 }
-print "Commits  : $total\n";
-print "Files: $tot_files avg ", $tot_files / $total, "\n";
-print "Added lines  : $tot_adds avg ", $tot_adds / $total, "\n";
-print "Deleted lines: $tot_dels avg ", $tot_dels / $total, "\n";
+printf "Authors  : %4d\n", $authors;
+printf "Commits  : %4d\n", $total;
+printf "Files: %4d (%.2f average)\n", $tot_files, $tot_files / $total;
+printf "Added lines  : %4d (%.2f average)\n", $tot_adds, $tot_adds / $total;
+printf "Deleted lines: %4d (%.2f average)\n", $tot_dels, $tot_dels / $total;
 
 close $FH || die "Can't close, $!,";
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  78f6c4c25ac5a0264903aefa00dfd5ab71da9fff (commit)
  from  b884ccda58cf9e72c56f76d5aeac1663860d8c0b (commit)


- Log -
commit 78f6c4c25ac5a0264903aefa00dfd5ab71da9fff
Author: Rich Salz 
Date:   Tue Mar 6 11:58:48 2018 -0500

Add summary script

---

Summary of changes:
 license/get-summary | 43 +++
 1 file changed, 43 insertions(+)
 create mode 100755 license/get-summary

diff --git a/license/get-summary b/license/get-summary
new file mode 100755
index 000..b1b51df
--- /dev/null
+++ b/license/get-summary
@@ -0,0 +1,43 @@
+#! /usr/bin/env perl
+# Annotate the output of "get-followups -d" to show the summary
+# of all outstanding commits.
+use strict;
+use warnings;
+
+open my $FH, "./get-followups -d|" || die "Can't pipe, $!,";
+
+my $total = 0;
+my $tot_adds = 0;
+my $tot_files = 0;
+my $tot_dels = 0;
+while ( <$FH> ) {
+next unless /([0-da-f]{8}) .*/;
+my $cid = $1;
+# Skip a big import
+next if $cid eq 'd02b48c6';
+my $pattern = "$cid^..$cid";
+my $files = 0;
+my $adds = 0;
+my $dels = 0;
+my $name = '';
+$total++;
+open my $F, "git diff --numstat $pattern|"
+   || die "Can't open git diff, $!\n";
+while ( <$F> ) {
+   $files++;
+   next unless /(\d+)\s+(\d+)\s+(.*)/;
+   $adds += int($1);
+   $dels += int($2);
+   $name = $3 if $name eq '';
+}
+$tot_files += $files;
+$tot_adds += $adds;
+$tot_dels += $dels;
+close $F || die "Can't close git diff, $!\n";
+}
+print "Commits  : $total\n";
+print "Files: $tot_files avg ", $tot_files / $total, "\n";
+print "Added lines  : $tot_adds avg ", $tot_adds / $total, "\n";
+print "Deleted lines: $tot_dels avg ", $tot_dels / $total, "\n";
+
+close $FH || die "Can't close, $!,";
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  b884ccda58cf9e72c56f76d5aeac1663860d8c0b (commit)
  from  9be200755a8b9d64b1f3d60b62e0e8909facc976 (commit)


- Log -
commit b884ccda58cf9e72c56f76d5aeac1663860d8c0b
Author: Rich Salz 
Date:   Sat Mar 3 16:20:49 2018 -0500

Script to generate AUTHORS file text

---

Summary of changes:
 license/get-authors | 35 +++
 1 file changed, 35 insertions(+)
 create mode 100755 license/get-authors

diff --git a/license/get-authors b/license/get-authors
new file mode 100755
index 000..32c6bd1
--- /dev/null
+++ b/license/get-authors
@@ -0,0 +1,35 @@
+#! /usr/bin/env python
+"""get-authors
+
+Outputs text for an AUTHORS file.  No parameters.
+"""
+
+import mysql.connector
+import datetime, os, re, subprocess, sys, string, random
+import getopt
+
+dbconfig = {
+'user': 'licensereader',
+'password': open('ropass.txt').read().strip(),
+'database': 'license'
+}
+conn = mysql.connector.connect(**dbconfig)
+cursor = conn.cursor()
+
+try:
+opts, args = getopt.getopt(sys.argv[1:], "")
+except:
+print __doc__
+raise SystemExit
+
+for o,a in opts:
+pass
+
+q = "SELECT name,email FROM users WHERE reply='y' OR reply='d' ORDER BY name"
+cursor.execute(q)
+for row in cursor:
+name,email = row
+if name == email:
+print "<%s>" % (name,)
+else:
+print "%s <%s>" % (name, email)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  9be200755a8b9d64b1f3d60b62e0e8909facc976 (commit)
  from  d0ea3ada5275a432bd0e0fa4885f2b4df5668701 (commit)


- Log -
commit 9be200755a8b9d64b1f3d60b62e0e8909facc976
Author: Rich Salz 
Date:   Fri Mar 2 15:02:51 2018 -0500

Remove debugging print

---

Summary of changes:
 license/approved | 1 -
 1 file changed, 1 deletion(-)

diff --git a/license/approved b/license/approved
index eb0b218..c501bf8 100755
--- a/license/approved
+++ b/license/approved
@@ -37,7 +37,6 @@ for o,a in opts:
 verbose = 1
 elif o == '-m':
 comment = datetime.date.today().strftime('Email %Y-%m-%d')
-print comment
 else:
 print __doc__
 raise SystemExit
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  d0ea3ada5275a432bd0e0fa4885f2b4df5668701 (commit)
  from  11eee1439b2d9ed968d9bf39997765811f5c88a5 (commit)


- Log -
commit d0ea3ada5275a432bd0e0fa4885f2b4df5668701
Author: Rich Salz 
Date:   Fri Mar 2 10:41:14 2018 -0500

Add -m flag

---

Summary of changes:
 license/approved | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/license/approved b/license/approved
index 0cc2847..eb0b218 100755
--- a/license/approved
+++ b/license/approved
@@ -3,6 +3,7 @@
 
 Flags:
 -c text...  Comment to use
+-m  Use email+date as the comment
 -r  Reject not approve
 -h  This help
 -v  List emails as processed
@@ -26,7 +27,7 @@ cursor = conn.cursor()
 comment = 'From CLI';
 reply = 'y'
 verbose = 0
-opts, args = getopt.getopt(sys.argv[1:], "c:hrv")
+opts, args = getopt.getopt(sys.argv[1:], "c:hrvm")
 for o,a in opts:
 if o == '-c':
 comment = a
@@ -34,6 +35,9 @@ for o,a in opts:
 reply = 'n'
 elif o == '-v':
 verbose = 1
+elif o == '-m':
+comment = datetime.date.today().strftime('Email %Y-%m-%d')
+print comment
 else:
 print __doc__
 raise SystemExit
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  11eee1439b2d9ed968d9bf39997765811f5c88a5 (commit)
   via  5d89101b1a73f36045a2dd1c2c2b2cd4f92512f7 (commit)
  from  bffcd7e08a130d77ad480e35a3eec485fe06d23b (commit)


- Log -
commit 11eee1439b2d9ed968d9bf39997765811f5c88a5
Author: Rich Salz 
Date:   Fri Mar 2 07:57:29 2018 -0500

Add last-chance update

commit 5d89101b1a73f36045a2dd1c2c2b2cd4f92512f7
Author: Rich Salz 
Date:   Fri Mar 2 07:56:53 2018 -0500

Reformatting

---

Summary of changes:
 license/add-lastchance | 39 ++-
 license/index.html |  7 +++
 2 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/license/add-lastchance b/license/add-lastchance
index 963da01..5a21f03 100755
--- a/license/add-lastchance
+++ b/license/add-lastchance
@@ -6,7 +6,8 @@ use warnings;
 
 die "Feed this the output of 'get-followups -d'\n" if -t 0;
 
-print <<'EOF';
+my $blog = 'https://www.openssl.org//blog/blog/2017/03/22/license';
+print <https://www.openssl.org/blog/blog/2017/03/22/license/
-for some background.
-
-If you know where to find any of the following people, please email their
-current address to
-mailto:lice...@openssl.org;>lice...@openssl.org,
-or ask them to get in touch.
-
-
-Each contributor is separated by a blank line.  The first line is the last
-known email we have (not valid), and the full name if known.  Each following
-line has the number of files changed, lines added and deleted, the commit ID
-and date, and then the commit subject line.
-
-
-Thank you!
-
+We are looking for some people who have previously contributed
+to OpenSSL. See $blog for some background.
+If you know where to find any of the following people, please
+email their current address to
+mailto:license\@openssl.org;>license\@openssl.org,
+or ask them to get in touch.
+
+Each contributor is separated by a blank line.  The first
+line is the last known email we have, and the full name if known.
+Each following line has the number of files changed, lines added
+and deleted, the commit ID and date, and then the commit subject line.
+
+Thank you!
+
+Main page
+
 EOF
 
 my $users = 0;
@@ -84,7 +82,6 @@ while ( <> ) {
 }
 print < Apache License
   Version 2.0.
 
+
+Update: We are looking for the last few contributors, please
+see the https://license.openssl.org/trying-to-find
+page. Share it with your friends and colleagues who might have worked
+on or with OpenSSL.
+
 
   
If you received an email from us, please visit that link in a
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  bffcd7e08a130d77ad480e35a3eec485fe06d23b (commit)
  from  fcdb9f7458689f85815d9bd81d4b7c6dfdd5ced8 (commit)


- Log -
commit bffcd7e08a130d77ad480e35a3eec485fe06d23b
Author: Rich Salz 
Date:   Thu Mar 1 20:03:03 2018 -0500

Enhance "trying to find" page generator

Make links to each commit.
Put summary counts at the end.

---

Summary of changes:
 license/add-lastchance | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/license/add-lastchance b/license/add-lastchance
index 8249952..963da01 100755
--- a/license/add-lastchance
+++ b/license/add-lastchance
@@ -16,7 +16,7 @@ print <<'EOF';
 Help find these people
 
 We are looking for some people who have previously contributed to OpenSSL. See
-https://www.openssl.org/blog/blog/2017/03/22/license/
+https://www.openssl.org//blog/blog/2017/03/22/license/;>https://www.openssl.org/blog/blog/2017/03/22/license/
 for some background.
 
 If you know where to find any of the following people, please email their
@@ -33,11 +33,14 @@ and date, and then the commit subject line.
 
 Thank you!
 
-
 EOF
 
+my $users = 0;
+my $commits = 0;
+my $base = 'https://github.com/openssl/openssl/commit';
 while ( <> ) {
 unless ( /([0-da-f]{8}) .*/ ) {
+   $users++ if /https:/;
s/.*uid.[0-9]+, //;
s/, \d, /, /;
s/"//g;
@@ -50,13 +53,18 @@ while ( <> ) {
} else {
print;
}
+   print "\n";
next;
 }
+$commits++;
 my $cid = $1;
+chop;
 my $line = $_;
 $line =~ s/^\s*//;
+$line =~ s/\n";
next;
 }
 my $pattern = "$cid^..$cid";
@@ -72,11 +80,13 @@ while ( <> ) {
$dels += int($2);
 }
 close $F || die "Can't close git diff, $!\n";
-print "$files +$adds -$dels $line";
+print "$files +$adds -$dels $line\n";
 }
-print <<'EOF';
+print <

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  fcdb9f7458689f85815d9bd81d4b7c6dfdd5ced8 (commit)
  from  b56ac254a6398d5611e8b48fad9c50e43520ea31 (commit)


- Log -
commit fcdb9f7458689f85815d9bd81d4b7c6dfdd5ced8
Author: Richard Levitte 
Date:   Thu Mar 1 11:30:41 2018 +0100

addrev: better parsing of github IDs

dot-asm was accepted but not t-j-h

---

Summary of changes:
 review-tools/addrev | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/review-tools/addrev b/review-tools/addrev
index fdf2aa5..0bd28a5 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -14,7 +14,7 @@ my $useself = 1;
 my $my_email;
 
 foreach (@ARGV) {
-if (/^[a-z]+$/ || /^\@(?:\w|\w-\w)+$/) {
+if (/^[a-z]+$/ || /^\@\w(?:[-\w]*\w)?$/) {
 $args .= "--reviewer=$_ ";
 } elsif (/^--reviewer=(.+)$/) {
 $args .= "--reviewer=$1 ";
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  b56ac254a6398d5611e8b48fad9c50e43520ea31 (commit)
  from  4a45104b1146f500bd0db1c921d3101cd10099b4 (commit)


- Log -
commit b56ac254a6398d5611e8b48fad9c50e43520ea31
Author: Rich Salz 
Date:   Fri Feb 23 16:03:26 2018 -0500

Formatting tweaks

---

Summary of changes:
 license/add-lastchance | 24 +---
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/license/add-lastchance b/license/add-lastchance
index 3d963f6..8249952 100755
--- a/license/add-lastchance
+++ b/license/add-lastchance
@@ -9,20 +9,28 @@ die "Feed this the output of 'get-followups -d'\n" if -t 0;
 print <<'EOF';
 
   
-Help find these hackers
+Help find these people
 
   
   
-Help find these hackers
-
+Help find these people
+
+We are looking for some people who have previously contributed to OpenSSL. See
+https://www.openssl.org/blog/blog/2017/03/22/license/
+for some background.
+
 If you know where to find any of the following people, please email their
-current address to lice...@openssl.org, or ask them to get in touch.
-
+current address to
+mailto:lice...@openssl.org;>lice...@openssl.org,
+or ask them to get in touch.
+
+
 Each contributor is separated by a blank line.  The first line is the last
 known email we have (not valid), and the full name if known.  Each following
 line has the number of files changed, lines added and deleted, the commit ID
 and date, and then the commit subject line.
-
+
+
 Thank you!
 
 
@@ -69,6 +77,8 @@ while ( <> ) {
 print <<'EOF';
 
 
-
+
+Main page
+  
 
 EOF
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  4a45104b1146f500bd0db1c921d3101cd10099b4 (commit)
   via  8609abfd6aca838ed58095e670005791466e4307 (commit)
  from  81f14d3c92704e0a1bc18fdc5f47d62cf086812f (commit)


- Log -
commit 4a45104b1146f500bd0db1c921d3101cd10099b4
Author: Rich Salz 
Date:   Wed Feb 21 14:17:49 2018 -0500

Add "last chance looking for" webpage generator

commit 8609abfd6aca838ed58095e670005791466e4307
Author: Rich Salz 
Date:   Wed Feb 21 13:54:21 2018 -0500

Secondary sort in email order

---

Summary of changes:
 license/README |  2 ++
 license/add-lastchance | 74 ++
 license/get-followups  |  2 +-
 3 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100755 license/add-lastchance

diff --git a/license/README b/license/README
index aa713db..3db5742 100644
--- a/license/README
+++ b/license/README
@@ -10,6 +10,8 @@ Tools
 rmcommit -- Remove a set of commits from a user's activity
 rmuser -- Remove specified email authors from database
 whattoremove -- Commits to remove for folks who said no
+add-counts -- add commit data to output of get-followups
+add-lastchance -- "last chance trying to reach" version of add-counts
 
 Passwords; create these files.  One line per each
 adpass.txt -- HTTP password for admin functions
diff --git a/license/add-lastchance b/license/add-lastchance
new file mode 100755
index 000..3d963f6
--- /dev/null
+++ b/license/add-lastchance
@@ -0,0 +1,74 @@
+#! /usr/bin/env perl
+# Annotate the output of "get-followups -d" to show the stats
+# of each commit for a "last chance trying to find" page.
+use strict;
+use warnings;
+
+die "Feed this the output of 'get-followups -d'\n" if -t 0;
+
+print <<'EOF';
+
+  
+Help find these hackers
+
+  
+  
+Help find these hackers
+
+If you know where to find any of the following people, please email their
+current address to lice...@openssl.org, or ask them to get in touch.
+
+Each contributor is separated by a blank line.  The first line is the last
+known email we have (not valid), and the full name if known.  Each following
+line has the number of files changed, lines added and deleted, the commit ID
+and date, and then the commit subject line.
+
+Thank you!
+
+
+EOF
+
+while ( <> ) {
+unless ( /([0-da-f]{8}) .*/ ) {
+   s/.*uid.[0-9]+, //;
+   s/, \d, /, /;
+   s/"//g;
+   if ( /([^,]*), (.*)/ ) {
+   if ( $1 eq $2 ) {
+   print "$1>\n";
+   } else {
+   print "$2 $1>\n";
+   }
+   } else {
+   print;
+   }
+   next;
+}
+my $cid = $1;
+my $line = $_;
+$line =~ s/^\s*//;
+if ( $cid eq 'd02b48c6' ) {
+   print "- +0/-0 ", $_;
+   next;
+}
+my $pattern = "$cid^..$cid";
+my $files = 0;
+my $adds = 0;
+my $dels = 0;
+open my $F, "git diff --numstat $pattern|"
+   || die "Can't open git diff, $!\n";
+while ( <$F> ) {
+   $files++;
+   next unless /(\d+)\s+(\d+)\s+(.*)/;
+   $adds += int($1);
+   $dels += int($2);
+}
+close $F || die "Can't close git diff, $!\n";
+print "$files +$adds -$dels $line";
+}
+print <<'EOF';
+
+
+
+
+EOF
diff --git a/license/get-followups b/license/get-followups
index 11fafb3..1d9472c 100755
--- a/license/get-followups
+++ b/license/get-followups
@@ -34,7 +34,7 @@ for o,a in opts:
 rows = []
 q = ('SELECT users.uid,email,reply,name,count(log.uid) FROM users'
 ' LEFT JOIN log ON log.uid = users.uid'
-' WHERE reply = "-" GROUP BY email ORDER BY count(log.uid)' )
+' WHERE reply = "-" GROUP BY email ORDER BY count(log.uid), email' )
 cursor.execute(q)
 for row in cursor:
 uid,email,reply,name,count = row
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  81f14d3c92704e0a1bc18fdc5f47d62cf086812f (commit)
   via  a930f701aee0dc0c4ad61ebc792c2281b1f90cbb (commit)
  from  4beedb93e58fd4a25c2d4a293dfade202c980633 (commit)


- Log -
commit 81f14d3c92704e0a1bc18fdc5f47d62cf086812f
Author: Richard Levitte 
Date:   Tue Feb 13 15:10:22 2018 +0100

release-tools/do-copyright-year: in file sed

To make sure we don't lose file permissions, use sed -i

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/12)

commit a930f701aee0dc0c4ad61ebc792c2281b1f90cbb
Author: Richard Levitte 
Date:   Tue Feb 13 15:08:37 2018 +0100

release-tools/do-copyright-year: don't resurect deleted files

Use 'git diff-tree --name-status' to get the current status of each
file.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/12)

---

Summary of changes:
 release-tools/do-copyright-year | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/release-tools/do-copyright-year b/release-tools/do-copyright-year
index 59b9235..6c3d710 100755
--- a/release-tools/do-copyright-year
+++ b/release-tools/do-copyright-year
@@ -29,10 +29,10 @@ EOF
 
 NYD=`date +%Y-01-01`
 echo Updating copryight
-git diff-tree -r --name-only `git rev-list -1 --before=$NYD HEAD`..HEAD \
-   | while read FILE ; do
-sed -E -f /tmp/sed$$ "$FILE" >/tmp/$$
-mv /tmp/$$ "$FILE"
+git diff-tree -r --name-status `git rev-list -1 --before=$NYD HEAD`..HEAD \
+   | while read STATUS FILE ; do
+if [ "$STATUS" = 'D' ]; then continue; fi
+sed -E -f /tmp/sed$$ -i "$FILE"
 git add "$FILE"
 done
 echo Committing change locally.
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  4beedb93e58fd4a25c2d4a293dfade202c980633 (commit)
  from  027c9909fca039095fe8c69ebe9bd3ce0bba59cd (commit)


- Log -
commit 4beedb93e58fd4a25c2d4a293dfade202c980633
Author: Rich Salz 
Date:   Tue Feb 13 10:03:03 2018 -0500

Fix typo, mention GH source

---

Summary of changes:
 release-tools/mkrelease.pl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/release-tools/mkrelease.pl b/release-tools/mkrelease.pl
index 4012e4d..69e337f 100644
--- a/release-tools/mkrelease.pl
+++ b/release-tools/mkrelease.pl
@@ -333,10 +333,11 @@ if ( !$no_release ) {
Please download and check this $label release as soon as possible.
To report a bug, open an issue on GitHub:
 
-ttps://github.com/openssl/openssl/issues
+https://github.com/openssl/openssl/issues
 
Please check the release notes and mailing lists to avoid duplicate
-   reports of known issues.
+   reports of known issues. (Of course, the source is also available
+   on GitHub.)
 
Yours,
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Matt Caswell]

The branch master has been updated
   via  027c9909fca039095fe8c69ebe9bd3ce0bba59cd (commit)
  from  9d9fdc1727e3ff90d25dbccb4c530312b897536f (commit)


- Log -
commit 027c9909fca039095fe8c69ebe9bd3ce0bba59cd
Author: Matt Caswell 
Date:   Tue Feb 13 10:34:40 2018 +

Don't sanity check the FIPS version during a release

This is no longer included in the opensslv.h header file for 1.1.1, so
we should not sanity check it.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/10)

---

Summary of changes:
 release-tools/release-check.pl | 9 +
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/release-tools/release-check.pl b/release-tools/release-check.pl
index 91ee7c0..cac5918 100644
--- a/release-tools/release-check.pl
+++ b/release-tools/release-check.pl
@@ -112,13 +112,6 @@ sub openssl_check_version_h {
 check_str( "opensslv.h: HEX version", $hexversion, $1, \$ok );
 $hex_done = 1;
 } elsif (
-/OPENSSL_VERSION_TEXT\s+\"OpenSSL (\S*fips\S*)\s+(\([[:alpha:]]+\)\s+)?(.*)\"/
-  )
-{
-check_str( "opensslv.h: FIPS version", $version_fips, $1, \$ok );
-check_str( "opensslv.h: FIPS date",$date, $3, \$ok );
-$fips_done = 1;
-} elsif (
 /OPENSSL_VERSION_TEXT\s+\"OpenSSL (\S*)\s+(\([[:alpha:]]+\)\s+)?(.*)\"/
   )
 {
@@ -126,7 +119,7 @@ sub openssl_check_version_h {
 check_str( "opensslv.h: date",$date,$3, \$ok );
 $version_done = 1;
 }
-if ( $hex_done && $fips_done && $version_done ) {
+if ( $hex_done && $version_done ) {
 close IN;
 return $ok;
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  9d9fdc1727e3ff90d25dbccb4c530312b897536f (commit)
   via  7723f7c116e2024e727648fe369133b0fc8f70e5 (commit)
  from  da7d7b372dc15d739df3ba7aff2c1a4292148515 (commit)


- Log -
commit 9d9fdc1727e3ff90d25dbccb4c530312b897536f
Author: Richard Levitte 
Date:   Thu Feb 8 19:39:21 2018 +0100

run-checker-autohooks: make some variables mandatory

REPORT_FROM and REPORT_RECIPIENT *must* be assigned something to
be useful.  The defaults are removed, as they are internal for the
OpenSSL Team machinery

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/9)

commit 7723f7c116e2024e727648fe369133b0fc8f70e5
Author: Richard Levitte 
Date:   Thu Feb 8 19:37:59 2018 +0100

run-checker-autohooks: update README for accuracy

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/9)

---

Summary of changes:
 run-checker/run-checker-autohooks/README   | 14 
 run-checker/run-checker-autohooks/hook-end | 56 --
 2 files changed, 36 insertions(+), 34 deletions(-)

diff --git a/run-checker/run-checker-autohooks/README 
b/run-checker/run-checker-autohooks/README
index a4039b7..87e4be4 100644
--- a/run-checker/run-checker-autohooks/README
+++ b/run-checker/run-checker-autohooks/README
@@ -9,11 +9,11 @@ repeatedly, for example as a cron job.
 
 Example setup:
 
-$ git clone openssl-...@git.openssl.org:bureau.git bureau
+$ git clone git://git.openssl.org/tools.git tools
 $ mkdir ~/run-checker
 $ cd ~/run-checker
-$ ln -s ../bureau/run-checker.sh \
-   ../bureau/run-checker-autohooks/hook-{prepare,start,end,takedown} \
+$ ln -s ../tools/run-checker/run-checker.sh \
+
../tools/run-checker/run-checker-autohooks/hook-{prepare,start,end,takedown} \
.
 $ git clone openssl-...@git.openssl.org:openssl.git openssl
 
@@ -30,13 +30,13 @@ In addition to the hooks, one can also have a shell script 
called
 
 - REPORT_FROM
 
-  The email address used in the report From: header.  Defaults to
-  'OpenSSL run-checker '
+  The email address used in the report From: header.  This MUST be
+  assigned a value or reports will not be posted.
 
 - REPORT_RECIPIENT
 
-  The email address reports will get sent to.  Defaults to
-  ''
+  The email address reports will get sent to.  This MUST be assigned a
+  value or reports will not be posted.
 
 - SKIP_OPTS
 
diff --git a/run-checker/run-checker-autohooks/hook-end 
b/run-checker/run-checker-autohooks/hook-end
index 70c51b9..c95051b 100755
--- a/run-checker/run-checker-autohooks/hook-end
+++ b/run-checker/run-checker-autohooks/hook-end
@@ -3,8 +3,8 @@
 here=$(cd $(dirname $0); pwd)
 rcd=$here/.run-checker-data
 
-REPORT_RECIPIENT=''
-REPORT_FROM='OpenSSL run-checker '
+REPORT_RECIPIENT=
+REPORT_FROM=
 if [ -f $rcd/new/hook-config ]; then
 . $rcd/new/hook-config
 fi
@@ -38,47 +38,49 @@ if (
 
 # If the build failed or the status changed since last time, report
 if [ "$newstatus" == "fail" -o "$newstatus" != "$curstatus" ]; then
-(
-statusword=FAILED
-if [ "$newstatus" == "pass" ]; then
-statusword=SUCCESSFUL
-elif [ "$curstatus" == "fail" ]; then
-statusword="Still FAILED"
-fi
-echo "From: $REPORT_FROM"
-echo "To: $REPORT_RECIPIENT"
-echo "Subject: $statusword build of OpenSSL branch $gitbranch with 
options $expandedopts"
-cat 

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  da7d7b372dc15d739df3ba7aff2c1a4292148515 (commit)
  from  7823d374c6841eac48a7baf1f2955eb962b5305d (commit)


- Log -
commit da7d7b372dc15d739df3ba7aff2c1a4292148515
Author: Richard Levitte 
Date:   Thu Feb 8 19:25:20 2018 +0100

run-checker: enhance README

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/8)

---

Summary of changes:
 run-checker/README | 90 --
 1 file changed, 88 insertions(+), 2 deletions(-)

diff --git a/run-checker/README b/run-checker/README
index cc589b6..b9540a0 100644
--- a/run-checker/README
+++ b/run-checker/README
@@ -1,2 +1,88 @@
-This tool is used to build various config options of openssl
-and generate okay/fail reports.
+This tool is used to build various predefined config options of
+openssl and generate okay/fail reports.  The array of config options
+is found in run-checker.sh, assigned to 'opts'.
+
+Quick manual run
+
+
+To run a check on the master branch:
+
+git clone git://git.openssl.org/openssl.git openssl
+/path/to/run-checker.sh
+
+To run a check on a release branch:
+
+git clone -b OpenSSL_1_1_0-stable git://git.openssl.org/openssl.git openssl
+/path/to/run-checker.sh
+
+
+Hooks
+-
+
+run-checker supports a few hooks, in form of scripts that are
+executed:
+
+hook-prepare   This script is run once, when run-checker is
+   starting.  If it exits with a status other
+   than zero, run-checker.sh will stop.  It gets
+   no arguments.
+
+hook-start This script is run before each option build.
+   If it exits with a status other than zero,
+   run-checker.sh will skip the current build.
+   It gets the following arguments:
+
+   $1  The build directory.
+   $2  The option being checked.
+   $3...   Configure options and arguments.
+
+hook-end   This script is run after each option build.
+   If gets the following arguments:
+
+   $1  The build directory.
+   $2  "pass" or "fail", depending on the
+   build result.
+
+hook-takedown  This script is run once, just before
+   run-checker terminates.  It gets no arguments.
+
+
+The hooks and documentation in run-checker-autohooks are an advanced
+example, and what the OpenSSL Team runs daily (automatically).
+
+
+Example hooks 1
+---
+
+The run-checker script uses disk space by leaving every build tree
+behind!  It may be that you want to clear the build tree after each
+build.  This little hook can help:
+
+hook-end:
+
+#! /bin/sh
+builddir="$1"
+mv "$builddir"/build.log "$builddir".log && rm -rf "$builddir"
+
+Example hook 2
+--
+
+This is a variant of Example hook 1 that saves away the build dir into
+a tarball:
+
+hook-end:
+
+#! /bin/sh
+builddir="$1"
+tar --remove-files -cJf "$builddir.tar.xz" "./$builddir"
+
+Example hook 3
+--
+
+You might want to avoid some builds, based on the options.  For
+example, all the fuzz builds may require installations that you're not
+willing to do.  hook-start is the perfect place for this:
+
+#! /bin/sh
+if [ echo "$2" | grep -E '.*fuzz.*' ]; then exit 1; fi
+exit 0
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Matt Caswell]

The branch master has been updated
   via  7823d374c6841eac48a7baf1f2955eb962b5305d (commit)
  from  27296557068a17464f17533d89d4fa6f3555b909 (commit)


- Log -
commit 7823d374c6841eac48a7baf1f2955eb962b5305d
Author: Matt Caswell 
Date:   Fri Dec 8 10:13:21 2017 +

Add an option to not add yourself as a reviewer

Every now and then I need to merge a commit that I did not author or
review (someone else has done those things). This adds an option to addrev
to enable you to add the "Reviewed by" headers without also adding
yourself.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/6)

---

Summary of changes:
 review-tools/addrev | 13 +
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/review-tools/addrev b/review-tools/addrev
index 6b3d64a..fdf2aa5 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -9,6 +9,7 @@ my $list_reviewers = 0;
 my $help = 0;
 my $haveprnum = 0;
 my $trivial = 0;
+my $useself = 1;
 
 my $my_email;
 
@@ -23,6 +24,8 @@ foreach (@ARGV) {
 $args .= "--trivial ";
 } elsif (/^--verbose$/) {
 $args .= "--verbose ";
+} elsif (/^--noself$/) {
+$useself = 0;
 } elsif (/^--myemail=(.+)$/) {
 $my_email = $1;
 } elsif (/^--nopr$/) {
@@ -56,11 +59,13 @@ if ($help) {
 
 die "Need either --prnum or --nopr flag" unless $haveprnum;
 
-if (!defined $my_email) {
-$my_email = `git config --get user.email`;
-}
+if ($useself) {
+if (!defined $my_email) {
+$my_email = `git config --get user.email`;
+}
 
-$args .= "--myemail=$my_email ";
+$args .= "--myemail=$my_email ";
+}
 
 system("git filter-branch -f --tag-name-filter cat --msg-filter \"gitaddrev 
$args\" $filterargs");
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  27296557068a17464f17533d89d4fa6f3555b909 (commit)
  from  bb40e3e6bcd68b3ba9ba4e71751d9f8e630f63cf (commit)


- Log -
commit 27296557068a17464f17533d89d4fa6f3555b909
Author: Rich Salz 
Date:   Sat Feb 3 18:23:50 2018 -0500

Add our release tools

---

Summary of changes:
 release-tools/MKRELEASE.md   | 168 +++
 release-tools/README.md  | 320 +
 release-tools/do-copyright-year  |  40 
 release-tools/do-release.pl  | 209 +++
 release-tools/mkrelease.pl   | 427 +++
 release-tools/release-check.pl   | 215 
 release-tools/release-date.pl|  64 ++
 release-tools/release-git.pl | 164 +++
 release-tools/release-update.pl  | 153 ++
 release-tools/release-version.pl | 179 
 10 files changed, 1939 insertions(+)
 create mode 100644 release-tools/MKRELEASE.md
 create mode 100644 release-tools/README.md
 create mode 100755 release-tools/do-copyright-year
 create mode 100644 release-tools/do-release.pl
 create mode 100644 release-tools/mkrelease.pl
 create mode 100644 release-tools/release-check.pl
 create mode 100644 release-tools/release-date.pl
 create mode 100644 release-tools/release-git.pl
 create mode 100644 release-tools/release-update.pl
 create mode 100644 release-tools/release-version.pl

diff --git a/release-tools/MKRELEASE.md b/release-tools/MKRELEASE.md
new file mode 100644
index 000..04d6dc7
--- /dev/null
+++ b/release-tools/MKRELEASE.md
@@ -0,0 +1,168 @@
+# Documentation on the mkrelease.pl script
+
+This file provides an overview of the mkrelease.pl script, and how to
+configure some of its parameters (by setting environment variables).
+It is normally run by following the process in README.md and should be
+run in a pristine directgory of the branch to be released, which must
+be a stable branch.
+
+The script handles most of the processes involved in making a release
+including:
+
+1. Doing `make update`
+2. Changing version numbers in various files
+3. Tagging release
+4. Making the tarballs, .md5, .sha1, .sha256 and .gpg files
+5. Creating the signed email announcement, including hashes of release
+6. Uploading files to dev.openssl.org
+7. Updating the version for next release
+
+If you plan to make an actual release make sure your GPG key is included
+in the [OMC list](https://www.openssl.org/community/omc.html) on the website
+and in the file doc/fingerprints.txt of *all* active branches.
+
+The script mkrelease.pl calls the files release-check.pl, release-date.pl,
+release-git.pl, release-update.pl and release-version.pl, which are expected
+to all be in the same directory.
+
+You are advised to clone a fresh repository. Unless you specify `--no-clean`
+the release process will run `git clean -x -d -f`
+*WARNING* this will delete ALL untracked files from the current branch.
+
+From the branch directory if you run:
+
+perl /path/to/mkrelease.pl --reviewer=name
+
+It should perform all of the above steps and commit changes locally. You can
+then sanity check these with `git log` before pushing them to the public repo.
+
+## Environment Variables
+
+- OPENSSL
+  Path to openssl utility to use. Default is `openssl`.
+
+- OPENSSL_TAR
+  The tar command to use when creating the tarball. Default is `tar`.
+
+- OPENSSL_GPG
+  The gpg command to use when signing a tarball or announcement.
+  The default is `gpg` which will use gpg with the default key.
+  If you wish to use a different, key set OPENSSL_GPG to include
+  appropriate options.
+
+- OPENSSL_GPG_TAR
+  Command to use to sign a tarball.
+  The default is: `$OPENSSL_GPG --use-agent -sba`
+
+- OPENSSL_GPG_ANNOUNCE
+  The command to use to sign a tarball.
+  The default is: `$OPENSSL_GPG --use-agent -sta --clearsign`
+
+- OPENSSL_SCP
+  The command to use to upload files.
+  The default is `scp`
+
+- OPENSSL_SCP_HOST
+  The host (and optional username) needed to upload files.
+  The default is `dev.openssl.org`, but you might want to change this to
+  `usern...@dev.openssl.org`
+
+- OPENSSL_SCP_DIR
+  The directory to upload files to.
+  Normally this wont be changed from the default which is
+  `$OPENSSL_SCP_HOST:~openssl/dist/new`
+  This is a holding area on dev.openssl.org where distributions are uploaded
+  temporarily before being moved to the web and ftp directories.
+
+For local testing, you can do something like this:
+
+export OPENSSL_SCP=cp
+export OPENSSL_SCP_DIR="$HOME/testdir"
+
+## Options
+
+- `--revert`
+  Remove all local changes from repository and delete any release tag. This
+  returns the local tree to the same state as before a release attempt was
+  made.
+
+- `--reviewer=name`
+  Add reviewer `name` to list of 

[openssl-commits] [tools] master update

[Rich Salz]

The branch master has been updated
   via  bb40e3e6bcd68b3ba9ba4e71751d9f8e630f63cf (commit)
   via  f2effd8b3868d3aff563d3a3c31c873598a08e2b (commit)
   via  c74b36e1cb2dec9183928b00a065131909c9412e (commit)
  from  9c2a1bcbb06f1075307267fe16bd34e43f750cd4 (commit)


- Log -
commit bb40e3e6bcd68b3ba9ba4e71751d9f8e630f63cf
Author: Dr. Matthias St. Pierre 
Date:   Fri Jan 26 15:32:35 2018 +0100

add missing quotes to fix runtime error [fixup]

commit f2effd8b3868d3aff563d3a3c31c873598a08e2b
Author: Dr. Matthias St. Pierre 
Date:   Fri Jan 26 12:08:48 2018 +0100

correct whitespace errors [fixup]

commit c74b36e1cb2dec9183928b00a065131909c9412e
Author: Dr. Matthias St. Pierre 
Date:   Fri Jan 26 10:33:22 2018 +0100

ghmerge: improve error handling

When python3 is the default python interpreter, the embedded script
fails with a syntax error at the print statement. In the absence of
error checking, this leads to a cascade of unhandled errors, ending
up in an empty pager window. Here an example:

  ghmerge prnum reviewer1 reviewer2

- the empty output of the python command causes the env command to print
  the (named and positional) parameters instead of clearing $1 and $2.
  Consequently, the script assigns WHO=reviewer1 and BRANCH=reviewer2.

- git checks out a local branch reviewer1-reviewer2 and tries to pull
  from https://github.com/reviewer1/openssl.git reviewer2
  This call fails, and again the error is ignored.

- The call `git diff reviewer1-reviewer2` leads to the empty pager
  window, since git has no diffs to show.

Countermeasures

- make the python script work for python2 and python3
- add a break-on-error statement (`set -o errexit`, aka `set -e`)
- replace `set` by `set --` which changes the behaviour of the set
  command as desired (see `man set`).
- add an explicit check for $WHO and $BRANCH
- add an exit trap for cleaning up the branch

Signed-off-by: Dr. Matthias St. Pierre 

---

Summary of changes:
 review-tools/ghmerge | 29 +++--
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index 401d80c..b1aebb9 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -1,5 +1,7 @@
 #! /bin/bash
 
+set -o errexit
+
 if [ ! -d .git ] ; then
 echo Not at top-level
 exit 1
@@ -31,17 +33,34 @@ esac
 
 curl -s https://api.github.com/repos/openssl/openssl/pulls/$PRNUM >/tmp/gh$$
 TEAM=$*
-set `python -c '
+set -- `python -c '
+from __future__ import print_function
 import json, sys;
-print str(json.load(sys.stdin)["head"]["label"]).replace(":", " ")' https://github.com/$WHO/openssl.git $BRANCH
 git rebase $REL
 echo Diff against $REL
@@ -52,7 +71,7 @@ addrev $TRIVIAL --prnum=$PRNUM $TEAM ${REL}..
 git checkout $REL
 if [ "$MERGE" == "yes" ] ; then
 git merge --no-commit --squash $WORK
-AUTHOR=`git show --no-patch --pretty=format:%an <%ae> $WORK`
+AUTHOR=`git show --no-patch --pretty="format:%an <%ae>" $WORK`
 git commit --author="$AUTHOR"
 else
 git rebase $WORK
@@ -72,5 +91,3 @@ done
 if [ "$x" = "y" -o "$x" = "yes" ] ; then
 git push origin $REL
 fi
-
-git branch -D $WORK
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Matt Caswell]

The branch master has been updated
   via  9c2a1bcbb06f1075307267fe16bd34e43f750cd4 (commit)
  from  c1388cc424c5c1aaab2b1193e7d9a82310a0e6de (commit)


- Log -
commit 9c2a1bcbb06f1075307267fe16bd34e43f750cd4
Author: Matt Caswell 
Date:   Fri Dec 8 09:48:09 2017 +

Ignore case when checking author against cladb

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/5)

---

Summary of changes:
 review-tools/gitaddrev | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev
index a53d9ad..2beb48a 100755
--- a/review-tools/gitaddrev
+++ b/review-tools/gitaddrev
@@ -30,7 +30,7 @@ my @unknown_reviewers;
 my $skip_reviewer;
 my $omccount = 0;
 sub try_add_reviewer {
-my $id = shift;
+my $id = lc(shift);
 my $rc = undef;
 my $id2 = $id =~ /^\@(.*)$/ ? { github => $1 } : $id;
 my $rev = $query->find_person_tag($id2, 'rev');
@@ -123,7 +123,7 @@ if (my $rev = try_add_reviewer($ENV{GIT_AUTHOR_EMAIL})) {
 # In case the author is unknown to our databases or is lacking a CLA,
 # we need to be extra careful to check if this is supposed to be a
 # trivial commit.
-my $author = $ENV{GIT_AUTHOR_EMAIL};
+my $author = lc($ENV{GIT_AUTHOR_EMAIL});
 
 # Note: it really should be enough to check if $author is unknown, since
 # the databases are supposed to be consistent with each other.  However,
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [tools] master update

[Richard Levitte]

The branch master has been updated
   via  c1388cc424c5c1aaab2b1193e7d9a82310a0e6de (commit)
  from  4d6363793d47c66069634a58c0d21c5e52e2e3b7 (commit)


- Log -
commit c1388cc424c5c1aaab2b1193e7d9a82310a0e6de
Author: Richard Levitte 
Date:   Wed Dec 6 17:15:19 2017 +0100

run-checker: add run-checker-cleanup.sh

This is a companion script for run-checker.sh, to be used as emergency
cleanup if run-checker.sh was killed in the middle of its operation
and left behind lock files / directories.

Typically, this would appear in a crontab, like this:

@reboot  (set -x; cd ${HOME}/run-checker && bash 
./run-checker-cleanup.sh)

---

Summary of changes:
 run-checker/run-checker-cleanup.sh | 18 ++
 1 file changed, 18 insertions(+)
 create mode 100755 run-checker/run-checker-cleanup.sh

diff --git a/run-checker/run-checker-cleanup.sh 
b/run-checker/run-checker-cleanup.sh
new file mode 100755
index 000..6e8b383
--- /dev/null
+++ b/run-checker/run-checker-cleanup.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+#Script for emergency cleanup of the run-checker.sh work directory
+#Place this script in the same directory as run-checker.sh
+
+#This really just runs the takedown hook, so unless there are any
+#hooks present, nothing at all will happen.
+
+here=$(cd $(dirname $0); pwd)
+
+run-hook () {
+local hookname=$1; shift
+if [ -x $here/hook-$hookname ]; then
+(cd $here; ./hook-$hookname "$@")
+fi
+}
+
+run-hook takedown
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits