From b38052ad3865b6a1b030047c6ae7df1c3e20a197 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Fri, 31 Jan 2025 07:12:46 -0800
Subject: [PATCH 1/8] Attempt to fix CI by pinning to the Ubuntu 22.04 image
---
 .github/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 212183e2c..927280505 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -216,7 +216,7 @@ jobs:
 name: libressl
 version: 4.0.0
 name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }}
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
 env:
 OPENSSL_DIR: /opt/openssl
 CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc
@@ -248,7 +248,7 @@ jobs:
 - uses: actions/cache@v4
 with:
 path: /opt/openssl
- key: openssl-${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-6
+ key: openssl-${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-7
 if: matrix.library.version != 'vendored'
 id: openssl-cache
 - run: |
From 36720a549b870e277be568830ba51c68591f5674 Mon Sep 17 00:00:00 2001
From: Theo Buehler
Date: Fri, 31 Jan 2025 07:36:30 +0100
Subject: [PATCH 2/8] Remove EC_METHOD and EC_GROUP_new for LibreSSL 4.1
---
 openssl-sys/build/cfgs.rs | 3 +++
 openssl-sys/build/main.rs | 1 +
 openssl-sys/src/handwritten/ec.rs | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/openssl-sys/build/cfgs.rs b/openssl-sys/build/cfgs.rs
index cd03888e6..ca9970740 100644
--- a/openssl-sys/build/cfgs.rs
+++ b/openssl-sys/build/cfgs.rs
@@ -68,6 +68,9 @@ pub fn get(openssl_version: Option, libressl_version: Option) -> Vec<&
 if libressl_version >= 0x4_00_00_00_0 {
 cfgs.push("libressl400");
 }
+ if libressl_version >= 0x4_01_00_00_0 {
+ cfgs.push("libressl410");
+ }
 } else {
 let openssl_version = openssl_version.unwrap();
diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs
index f379e1e6b..e6a3db397 100644
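Review bot: The `runs-on: ubuntu-22.04` pin in the first hunk of `.github/workflows/ci.yml` has no comment saying what failed on `ubuntu-latest` or when the pin can be lifted, so it is likely to outlive its reason and leave this matrix testing on an ageing image. A one-line comment above it, for example `# Pinned to 22.04: <what fails on ubuntu-latest>; return to ubuntu-latest once resolved`, would record that. The job definition continues outside the hunk.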
--- a/openssl-sys/build/main.rs
+++ b/openssl-sys/build/main.rs
@@ -103,6 +103,7 @@ fn main() {
 println!("cargo:rustc-check-cfg=cfg(libressl382)");
 println!("cargo:rustc-check-cfg=cfg(libressl390)");
 println!("cargo:rustc-check-cfg=cfg(libressl400)");
+ println!("cargo:rustc-check-cfg=cfg(libressl410)");
 println!("cargo:rustc-check-cfg=cfg(ossl101)");
 println!("cargo:rustc-check-cfg=cfg(ossl102)");
diff --git a/openssl-sys/src/handwritten/ec.rs b/openssl-sys/src/handwritten/ec.rs
index f199bc891..19d93a55e 100644
--- a/openssl-sys/src/handwritten/ec.rs
+++ b/openssl-sys/src/handwritten/ec.rs
@@ -9,6 +9,7 @@ pub enum point_conversion_form_t {
 POINT_CONVERSION_HYBRID = 6,
 }
+#[cfg(not(libressl410))]
 pub enum EC_METHOD {}
 pub enum EC_GROUP {}
 pub enum EC_POINT {}
@@ -17,6 +18,7 @@ extern "C" {
 #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
 pub fn EC_GF2m_simple_method() -> *const EC_METHOD;
+ #[cfg(not(libressl410))]
 pub fn EC_GROUP_new(meth: *const EC_METHOD) -> *mut EC_GROUP;
 pub fn EC_GROUP_free(group: *mut EC_GROUP);
From 4830f5bb93dafeeeddf32bf41dda83e2560f3d49 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Sat, 1 Feb 2025 11:13:16 -0800
Subject: [PATCH 3/8] Expose `SslMethod::{dtls_client,dtls_server}`
---
 openssl-sys/src/handwritten/ssl.rs | 4 ++++
 openssl/src/ssl/mod.rs | 16 +++++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/openssl-sys/src/handwritten/ssl.rs b/openssl-sys/src/handwritten/ssl.rs
index b86a54cbe..163c75aed 100644
--- a/openssl-sys/src/handwritten/ssl.rs
+++ b/openssl-sys/src/handwritten/ssl.rs
@@ -701,6 +701,10 @@ cfg_if! {
 pub fn TLS_server_method() -> *const SSL_METHOD;
 pub fn TLS_client_method() -> *const SSL_METHOD;
+
+ pub fn DTLS_server_method() -> *const SSL_METHOD;
+
+ pub fn DTLS_client_method() -> *const SSL_METHOD;
 }
 } else {
 extern "C" {
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index c341642a2..aac726a69 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
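Review bot: In `openssl-sys/src/handwritten/ec.rs`, `EC_METHOD` is now compiled out under `libressl410`, but `EC_GF2m_simple_method() -> *const EC_METHOD` in the second hunk is still gated only on `osslconf = "OPENSSL_NO_EC2M"`, so a LibreSSL 4.1 build that does not report that option would fail to resolve the type. If the LibreSSL configuration always sets `OPENSSL_NO_EC2M` this is harmless, but gating the declaration with `#[cfg(not(any(libressl410, osslconf = "OPENSSL_NO_EC2M")))]` makes the dependency explicit instead of implied. The `extern "C"` block continues outside the hunk, so any other declaration there that names `EC_METHOD` would need the same gate.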
@@ -364,6 +364,20 @@ impl SslMethod {
 unsafe { SslMethod(TLS_server_method()) }
 }
+ /// Support all versions of the DTLS protocol, explicitly as a client.
+ #[corresponds(DTLS_client_method)]
+ #[cfg(any(boringssl, ossl110, libressl291))]
+ pub fn dtls_client() -> SslMethod {
+ unsafe { SslMethod(DTLS_client_method()) }
+ }
+
+ /// Support all versions of the DTLS protocol, explicitly as a server.
+ #[corresponds(DTLS_method)]
+ #[cfg(any(boringssl, ossl110, libressl291))]
+ pub fn dtls_server() -> SslMethod {
+ unsafe { SslMethod(DTLS_server_method()) }
+ }
+
 /// Constructs an `SslMethod` from a pointer to the underlying OpenSSL value.
 ///
 /// # Safety
@@ -4288,7 +4302,7 @@ cfg_if! {
 }
 cfg_if! {
 if #[cfg(any(boringssl, ossl110, libressl291))] {
- use ffi::{TLS_method, DTLS_method, TLS_client_method, TLS_server_method};
+ use ffi::{TLS_method, DTLS_method, TLS_client_method, TLS_server_method, DTLS_server_method, DTLS_client_method};
 } else {
 use ffi::{
 SSLv23_method as TLS_method, DTLSv1_method as DTLS_method, SSLv23_client_method as TLS_client_method,
From 5ecb31d3fd252c54dbae5e0b5b7ad495b26ac339 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Sat, 1 Feb 2025 11:22:56 -0800
Subject: [PATCH 4/8] Update openssl/src/ssl/mod.rs
Co-authored-by: Theo Buehler
---
 openssl/src/ssl/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index aac726a69..fc414a2ff 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -372,7 +372,7 @@ impl SslMethod {
 }
 /// Support all versions of the DTLS protocol, explicitly as a server.
- #[corresponds(DTLS_method)]
+ #[corresponds(DTLS_server_method)]
 #[cfg(any(boringssl, ossl110, libressl291))]
 pub fn dtls_server() -> SslMethod {
 unsafe { SslMethod(DTLS_server_method()) }
From 4c9fbb0c18e8a3ac1de9671d7828862b49c1cb87 Mon Sep 17 00:00:00 2001
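Review bot: The doc comments on `dtls_client` and `dtls_server` in the first `openssl/src/ssl/mod.rs` hunk of patch 3 do not mention that both methods exist only under `cfg(any(boringssl, ossl110, libressl291))`, so the rendered documentation gives no hint why they are missing when linking an older library. Adding a line such as `/// Requires BoringSSL, OpenSSL 1.1.0 or LibreSSL 2.9.1 or newer.` to each would state the requirement where callers look for it. The `impl SslMethod` block starts and ends outside the hunk.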
From: Alex Gaynor
Date: Sat, 1 Feb 2025 11:31:54 -0800
Subject: [PATCH 5/8] Test against 3.4.0 final release
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 927280505..6be72d76e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -154,7 +154,7 @@ jobs:
 - name: openssl
 version: vendored
 - name: openssl
- version: 3.4.0-beta1
+ version: 3.4.0
 - name: openssl
 version: 3.3.0
 - name: openssl
From 8e6e30bbf7e7627845b801f83a3810d6ffc1f157 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sun, 2 Feb 2025 12:19:46 -0500
Subject: [PATCH 6/8] Fix lifetimes in ssl::select_next_proto
---
 openssl/src/ssl/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index fc414a2ff..e15c48b6d 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -709,7 +709,7 @@ cfg_if! {
 ///
 /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
 #[corresponds(SSL_select_next_proto)]
-pub fn select_next_proto<'a>(server: &[u8], client: &'a [u8]) -> Option<&'a [u8]> {
+pub fn select_next_proto<'a>(server: &'a [u8], client: &'a [u8]) -> Option<&'a [u8]> {
 unsafe {
 let mut out = ptr::null_mut();
 let mut outlen = 0;
From c9a33e286023f92b869c5f157b349be15985a799 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sun, 2 Feb 2025 13:01:39 -0500
Subject: [PATCH 7/8] Release openssl-sys v0.9.105
---
 openssl-sys/CHANGELOG.md | 6 ++++++
 openssl-sys/Cargo.toml | 2 +-
 openssl/Cargo.toml | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/openssl-sys/CHANGELOG.md b/openssl-sys/CHANGELOG.md
index 641f0d4b7..03b76736e 100644
--- a/openssl-sys/CHANGELOG.md
+++ b/openssl-sys/CHANGELOG.md
@@ -2,6 +2,12 @@
 ## [Unreleased]
+## [v0.9.105] - 2025-02-02
+
+### Added
+
+* Added `DTLS_server_method` and `DTLS_client_method`.
+
 ## [v0.9.104] - 2024-10-15
 ### Added
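Review bot: The doc comment above `select_next_proto` in `openssl/src/ssl/mod.rs` (only its last lines are in the patch 6 hunk) does not state the borrow contract the new signature enforces. Judging by the fix, the returned slice can point into `server` as well as `client`, which is why both now share `'a`. A line such as `/// The returned slice borrows from one of the two input lists, so both must outlive it.` would keep a later refactor from loosening the bound again. The patch also adds no regression test, and a `compile_fail` doctest that drops the `server` buffer before the result is used would pin the fix. The function body continues outside the hunk, so the pointer handling itself is not visible here.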
diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
index f82dbd3f1..406c793a8 100644
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "openssl-sys"
-version = "0.9.104"
+version = "0.9.105"
 authors = [
 "Alex Crichton ",
 "Steven Fackler ",
diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml
index 43cef06d2..fbc2f6077 100644
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@@ -31,7 +31,7 @@ libc = "0.2"
 once_cell = "1.5.2"
 openssl-macros = { version = "0.1.1", path = "../openssl-macros" }
-ffi = { package = "openssl-sys", version = "0.9.104", path = "../openssl-sys" }
+ffi = { package = "openssl-sys", version = "0.9.105", path = "../openssl-sys" }
 [dev-dependencies]
 hex = "0.4"
From a4d399b0f1a3694cb2d1728edf74d318a3cac890 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sun, 2 Feb 2025 13:04:32 -0500
Subject: [PATCH 8/8] Release openssl v0.10.70
---
 openssl/CHANGELOG.md | 10 ++++++++++
 openssl/Cargo.toml | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/openssl/CHANGELOG.md b/openssl/CHANGELOG.md
index bc314c2ed..e69b26570 100644
--- a/openssl/CHANGELOG.md
+++ b/openssl/CHANGELOG.md
@@ -2,6 +2,16 @@
 ## [Unreleased]
+## [v0.10.70] - 2025-02-02
+
+### Fixed
+
+* Fixed improper lifetime constraints in `ssl::select_next_proto` that allowed a use after free.
+
+### Added
+
+* Added `SslMethod::dtls_client` and `SslMethod::dtls_server`.
+
 ## [v0.10.69] - 2025-01-25
 ### Fixed
diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml
index fbc2f6077..d3a3f45c1 100644
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "openssl"
-version = "0.10.69"
+version = "0.10.70"
 authors = ["Steven Fackler "]
 license = "Apache-2.0"
 description = "OpenSSL bindings"
pFad - Phonifier reborn
