feat(mariner): add support for CBL-Mariner (#1640)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
aquasecurity · Jan 29, 2022 · 84dd33f · 84dd33f
1 parent 9e903a1
commit 84dd33f
Show file tree

Hide file tree

Showing 44 changed files with 581 additions and 51 deletions.
diff --git a/README.md b/README.md
@@ -165,7 +165,7 @@ Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
 # Features
 
 - Comprehensive vulnerability detection
-  - OS packages (Alpine Linux, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
+  - OS packages (Alpine Linux, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux, CBL-Mariner, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
   - **Language-specific packages** (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
 - Misconfiguration detection (IaC scanning) 
   - A wide variety of built-in policies are provided **out of the box**

diff --git a/docs/getting-started/overview.md b/docs/getting-started/overview.md
@@ -22,7 +22,7 @@ See [Integrations][integrations] for details.
 ## Features
 
 - Comprehensive vulnerability detection
-    - [OS packages][os] (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
+    - [OS packages][os] (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux, CBL-Mariner, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
     - [**Language-specific packages**][lang] (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
 - Detect IaC misconfigurations
     - A wide variety of [built-in policies][builtin] are provided **out of the box**:
@@ -77,4 +77,4 @@ Please see [LICENSE][license] for Trivy licensing information.
 [podman]: ../advanced/container/podman.md
 
 [oci]: https://github.com/opencontainers/image-spec
-[license]:  https://github.com/aquasecurity/trivy/blob/main/LICENSE
+[license]:  https://github.com/aquasecurity/trivy/blob/main/LICENSE
diff --git a/docs/vulnerability/detection/data-source.md b/docs/vulnerability/detection/data-source.md
@@ -14,6 +14,7 @@
 | AlmaLinux      | [AlmaLinux Product Errata][alma]         |
 | Rocky Linux    | [Rocky Linux UpdateInfo][rocky]          |
 | Oracle Linux   | [OVAL][oracle]                           |
+| CBL-Mariner    | [OVAL][mariner]                          |
 | OpenSUSE/SLES	 | [CVRF][suse]                             |
 | Photon OS      | [Photon Security Advisory][photon]       |
 
@@ -58,6 +59,7 @@
 [oracle]: https://linux.oracle.com/security/oval/
 [suse]: http://ftp.suse.com/pub/projects/security/cvrf/
 [photon]: https://packages.vmware.com/photon/photon_cve_metadata/
+[mariner]: https://github.com/microsoft/CBL-MarinerVulnerabilityData/
 
 [php-ghsa]: https://github.com/advisories?query=ecosystem%3Acomposer
 [python-ghsa]: https://github.com/advisories?query=ecosystem%3Apip

diff --git a/docs/vulnerability/detection/os.md b/docs/vulnerability/detection/os.md
@@ -11,6 +11,7 @@ The unfixed/unfixable vulnerabilities mean that the patch has not yet been provi
 | AlmaLinux                        | 8                                        | Installed by yum/rpm          |                  NO                  |
 | Rocky Linux                      | 8                                        | Installed by yum/rpm          |                  NO                  |
 | Oracle Linux                     | 5, 6, 7, 8                               | Installed by yum/rpm          |                  NO                  |
+| CBL-Mariner                      | 1.0, 2.0                                 | Installed by yum/rpm          |                 YES                  |
 | Amazon Linux                     | 1, 2                                     | Installed by yum/rpm          |                  NO                  |
 | openSUSE Leap                    | 42, 15                                   | Installed by zypper/rpm       |                  NO                  |
 | SUSE Enterprise Linux            | 11, 12, 15                               | Installed by zypper/rpm       |                  NO                  |

diff --git a/go.mod b/go.mod
@@ -7,13 +7,13 @@ require (
 	github.com/Masterminds/sprig v2.22.0+incompatible
 	github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
 	github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
-	github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21
+	github.com/aquasecurity/fanal v0.0.0-20220129174924-b9e05fcccc57
 	github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492
-	github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d
+	github.com/aquasecurity/trivy-db v0.0.0-20220129175002-a5adda5ac069
 	github.com/caarlos0/env/v6 v6.0.0
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/cheggaaa/pb/v3 v3.0.3

diff --git a/go.sum b/go.sum
@@ -243,8 +243,8 @@ github.com/aquasecurity/cfsec v0.2.2 h1:hq6MZlg7XFZsrerCv297N4HRlnJM7K6LLd/l/xCz
 github.com/aquasecurity/cfsec v0.2.2/go.mod h1:sUELRJqIPXTOZiHUx7TzyyFFzuk0W22IG6IWAoV8T6U=
 github.com/aquasecurity/defsec v0.0.37 h1:zdZndlKrW257b8VLK1UwfmXiyPuDrNA+wzBilHRk1LA=
 github.com/aquasecurity/defsec v0.0.37/go.mod h1:csaBEcJ3AKy44expnW0dCANEZcS/c1vcJjwBCbnKWBM=
-github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21 h1:7nx6j3boy7oawbPvkp2Vma9OvovZWIGvzJw80w1e71E=
-github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21/go.mod h1:aU+dKT2D+DLsTEmy/axt19XEIXayz0V9giXCwiypCgQ=
+github.com/aquasecurity/fanal v0.0.0-20220129174924-b9e05fcccc57 h1:/xe+XRO1uQXebv6y1XIM9424XQXVnVZ1dr+V4clegHA=
+github.com/aquasecurity/fanal v0.0.0-20220129174924-b9e05fcccc57/go.mod h1:aU+dKT2D+DLsTEmy/axt19XEIXayz0V9giXCwiypCgQ=
 github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff h1:JCKEV3TgUNh9fn+8hXyIdsF9yErA0rUbCkgt2flRKt4=
 github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff/go.mod h1:8fJ//Ob6/03lxbn4xa1F+G/giVtiVLxnZNpBp5xOxNk=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
@@ -260,8 +260,8 @@ github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbp
 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM=
 github.com/aquasecurity/tfsec v0.63.1 h1:KH63HTcUoab7d3PKtqFO6T8K5AY7bzLw7Kiu+EY9U64=
 github.com/aquasecurity/tfsec v0.63.1/go.mod h1:g5ZWmsfqW1FsCaPb9ux8Pzjcyss/WUB2XuRd5slqvnc=
-github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d h1:vwK774PmorLkSsL/K4WUa9Y9Tn/5Ksmolv8UGHh0Wjc=
-github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d/go.mod h1:BOulYmf+l2bd+Bjo3tTsdnbWCsh5UsJn1MqdiZzmm/Q=
+github.com/aquasecurity/trivy-db v0.0.0-20220129175002-a5adda5ac069 h1:TYG76ClrtBiunB43Hme+ahszJfm0E+og+JQsEEMrHbk=
+github.com/aquasecurity/trivy-db v0.0.0-20220129175002-a5adda5ac069/go.mod h1:BOulYmf+l2bd+Bjo3tTsdnbWCsh5UsJn1MqdiZzmm/Q=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=

diff --git a/integration/client_server_test.go b/integration/client_server_test.go
@@ -203,6 +203,13 @@ func TestClientServer(t *testing.T) {
 			},
 			golden: "testdata/photon-30.json.golden",
 		},
+		{
+			name: "CBL-Mariner 1.0",
+			args: csArgs{
+				Input: "testdata/fixtures/images/mariner-1.0.tar.gz",
+			},
+			golden: "testdata/mariner-1.0.json.golden",
+		},
 		{
 			name: "buxybox with Cargo.lock",
 			args: csArgs{

diff --git a/integration/docker_engine_test.go b/integration/docker_engine_test.go
@@ -176,6 +176,12 @@ func TestDockerEngine(t *testing.T) {
 			input:    "testdata/fixtures/images/photon-30.tar.gz",
 			golden:   "testdata/photon-30.json.golden",
 		},
+		{
+			name:     "CBL-Mariner 1.0",
+			imageTag: "cblmariner.azurecr.io/base/core:1.0",
+			input:    "testdata/fixtures/images/mariner-1.0.tar.gz",
+			golden:   "testdata/mariner-1.0.json.golden",
+		},
 		{
 			name:     "busybox with Cargo.lock",
 			imageTag: "busy-cargo:latest",

diff --git a/integration/standalone_tar_test.go b/integration/standalone_tar_test.go
@@ -216,13 +216,21 @@ func TestTar(t *testing.T) {
 			golden: "testdata/opensuse-leap-151.json.golden",
 		},
 		{
-			name: "photon 3.0 integration",
+			name: "photon 3.0",
 			testArgs: args{
 				Format: "json",
 				Input:  "testdata/fixtures/images/photon-30.tar.gz",
 			},
 			golden: "testdata/photon-30.json.golden",
 		},
+		{
+			name: "CBL-Mariner 1.0",
+			testArgs: args{
+				Format: "json",
+				Input:  "testdata/fixtures/images/mariner-1.0.tar.gz",
+			},
+			golden: "testdata/mariner-1.0.json.golden",
+		},
 		{
 			name: "buxybox with Cargo.lock integration",
 			testArgs: args{

diff --git a/integration/testdata/almalinux-8.json.golden b/integration/testdata/almalinux-8.json.golden
@@ -85,16 +85,21 @@
           },
           "References": [
             "http://www.openwall.com/lists/oss-security/2021/08/26/2",
+            "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json",
+            "https://access.redhat.com/security/cve/CVE-2021-3712",
+            "https://crates.io/crates/openssl-src",
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712",
             "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11",
             "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12",
             "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366",
             "https://linux.oracle.com/cve/CVE-2021-3712.html",
-            "https://linux.oracle.com/errata/ELSA-2021-9632.html",
+            "https://linux.oracle.com/errata/ELSA-2022-9023.html",
             "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E",
             "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E",
             "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html",
             "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html",
+            "https://nvd.nist.gov/vuln/detail/CVE-2021-3712",
+            "https://rustsec.org/advisories/RUSTSEC-2021-0098.html",
             "https://security.netapp.com/advisory/ntap-20210827-0010/",
             "https://ubuntu.com/security/notices/USN-5051-1",
             "https://ubuntu.com/security/notices/USN-5051-2",
@@ -105,8 +110,7 @@
             "https://www.openssl.org/news/secadv/20210824.txt",
             "https://www.oracle.com/security-alerts/cpuoct2021.html",
             "https://www.tenable.com/security/tns-2021-16",
-            "https://www.tenable.com/security/tns-2022-02",
-            "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json"
+            "https://www.tenable.com/security/tns-2022-02"
           ],
           "PublishedDate": "2021-08-24T15:15:00Z",
           "LastModifiedDate": "2022-01-06T09:15:00Z"

diff --git a/integration/testdata/alpine-310-registry.json.golden b/integration/testdata/alpine-310-registry.json.golden
@@ -93,6 +93,7 @@
             }
           },
           "References": [
+            "https://access.redhat.com/security/cve/CVE-2019-1549",
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
             "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
             "https://linux.oracle.com/cve/CVE-2019-1549.html",
@@ -152,6 +153,7 @@
           "References": [
             "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
             "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
+            "https://access.redhat.com/security/cve/CVE-2019-1551",
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
             "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
             "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98",
@@ -217,6 +219,7 @@
             }
           },
           "References": [
+            "https://access.redhat.com/security/cve/CVE-2019-1549",
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
             "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
             "https://linux.oracle.com/cve/CVE-2019-1549.html",
@@ -276,6 +279,7 @@
           "References": [
             "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
             "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
+            "https://access.redhat.com/security/cve/CVE-2019-1551",
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
             "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
             "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98",

diff --git a/integration/testdata/alpine-310.gitlab.golden b/integration/testdata/alpine-310.gitlab.golden
@@ -33,6 +33,8 @@
         }
       ],
       "links": [{
+          "url": "https://access.redhat.com/security/cve/CVE-2019-1549"
+        },{
           "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549"
         },{
           "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be"
@@ -108,6 +110,8 @@
           "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html"
         },{
           "url": "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html"
+        },{
+          "url": "https://access.redhat.com/security/cve/CVE-2019-1551"
         },{
           "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551"
         },{
@@ -197,6 +201,8 @@
         }
       ],
       "links": [{
+          "url": "https://access.redhat.com/security/cve/CVE-2019-1549"
+        },{
           "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549"
         },{
           "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be"
@@ -272,6 +278,8 @@
           "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html"
         },{
           "url": "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html"
+        },{
+          "url": "https://access.redhat.com/security/cve/CVE-2019-1551"
         },{
           "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551"
         },{

diff --git a/integration/testdata/alpine-310.html.golden b/integration/testdata/alpine-310.html.golden
@@ -99,6 +99,7 @@
         <td class="pkg-version">1.1.1c-r0</td>
         <td>1.1.1d-r0</td>
         <td class="links" data-more-links="off">
+          <a href="https://access.redhat.com/security/cve/CVE-2019-1549">https://access.redhat.com/security/cve/CVE-2019-1549</a>
           <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549</a>
           <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be</a>
           <a href="https://linux.oracle.com/cve/CVE-2019-1549.html">https://linux.oracle.com/cve/CVE-2019-1549.html</a>
@@ -129,6 +130,7 @@
         <td class="links" data-more-links="off">
           <a href="http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html">http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html</a>
           <a href="http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html</a>
+          <a href="https://access.redhat.com/security/cve/CVE-2019-1551">https://access.redhat.com/security/cve/CVE-2019-1551</a>
           <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551</a>
           <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f</a>
           <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98</a>
@@ -165,6 +167,7 @@
         <td class="pkg-version">1.1.1c-r0</td>
         <td>1.1.1d-r0</td>
         <td class="links" data-more-links="off">
+          <a href="https://access.redhat.com/security/cve/CVE-2019-1549">https://access.redhat.com/security/cve/CVE-2019-1549</a>
           <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549</a>
           <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be</a>
           <a href="https://linux.oracle.com/cve/CVE-2019-1549.html">https://linux.oracle.com/cve/CVE-2019-1549.html</a>
@@ -195,6 +198,7 @@
         <td class="links" data-more-links="off">
           <a href="http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html">http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html</a>
           <a href="http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html</a>
+          <a href="https://access.redhat.com/security/cve/CVE-2019-1551">https://access.redhat.com/security/cve/CVE-2019-1551</a>
           <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551</a>
           <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f</a>
           <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98</a>