This release incorporates the following bug fixes and mitigations: - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119]) - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535]) Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html Co-authored-by: gordon MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D46602 Merge commit '108164cf95d9594884c2dcccba2691335e6f221b'
4.9 KiB
HOW TO CONTRIBUTE TO OpenSSL
Please visit our Getting Started page for other ideas about how to contribute.
Development is done on GitHub in the openssl/openssl repository.
To request a new feature, ask a question, or report a bug, please open an issue on GitHub.
To submit a patch or implement a new feature, please open a pull request on GitHub. If you are thinking of making a large contribution, open an issue for it before starting work, to get comments from the community. Someone may be already working on the same thing, or there may be special reasons why a feature is not implemented.
To make it easier to review and accept your pull request, please follow these guidelines:
-
Anything other than a trivial contribution requires a Contributor License Agreement (CLA), giving us permission to use your code. If your contribution is too small to require a CLA (e.g., fixing a spelling mistake), then place the text "
CLA: trivial
" on a line by itself below the rest of your commit message separated by an empty line, like this:One-line summary of trivial change Optional main body of commit message. It might contain a sentence or two explaining the trivial change. CLA: trivial
It is not sufficient to only place the text "
CLA: trivial
" in the GitHub pull request description.To amend a missing "
CLA: trivial
" line after submission, do the following:git commit --amend # add the line, save and quit the editor git push -f [<repository> [<branch>]]
-
All source files should start with the following text (with appropriate comment characters at the start of each line and the year(s) updated):
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html
-
Patches should be as current as possible; expect to have to rebase often. We do not accept merge commits, you will have to remove them (usually by rebasing) before it will be acceptable.
-
Code provided should follow our coding style and documentation policy and compile without warnings. There is a Perl tool that helps finding code formatting mistakes and other coding style nits. Where
gcc
orclang
is available, you should use the--strict-warnings
Configure
option. OpenSSL compiles on many varied platforms: try to ensure you only use portable features. Clean builds via GitHub Actions are required. They are started automatically whenever a PR is created or updated by committers. -
When at all possible, code contributions should include tests. These can either be added to an existing test, or completely new. Please see test/README.md for information on the test framework.
-
New features or changed functionality must include documentation. Please look at the
.pod
files indoc/man[1357]
for examples of our style. Runmake doc-nits
to make sure that your documentation changes are clean. -
For user visible changes (API changes, behaviour changes, ...), consider adding a note in CHANGES.md. This could be a summarising description of the change, and could explain the grander details. Have a look through existing entries for inspiration. Please note that this is NOT simply a copy of git-log one-liners. Also note that security fixes get an entry in CHANGES.md. This file helps users get more in-depth information of what comes with a specific release without having to sift through the higher noise ratio in git-log.
-
For larger or more important user visible changes, as well as security fixes, please add a line in NEWS.md. On exception, it might be worth adding a multi-line entry (such as the entry that announces all the types that became opaque with OpenSSL 1.1.0). This file helps users get a very quick summary of what comes with a specific release, to see if an upgrade is worth the effort.
-
Guidelines how to integrate error output of new crypto library modules can be found in crypto/err/README.md.