diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
index fd14cf58f37..38d6f8fcd12 100644
--- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
+++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
@@ -13,5 +13,5 @@ The CBL-Mariner SPEC files originated from a variety of sources with varying lic
 | Numad source | [LGPLv2 License](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt) | numad |
 | NVIDIA | [ASL 2.0 License](http://www.apache.org/licenses/LICENSE-2.0) | libnvidia-container <br> nvidia-container-runtime <br> nvidia-container-toolkit <br> nvidia-docker2 |
 | OpenMamba | [Openmamba GPLv2 License](https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt) | bash-completion |
-| OpenSUSE | Following [openSUSE guidelines](https://en.opensuse.org/openSUSE:Specfile_guidelines#Specfile_Licensing) | ant <br> ant-antlr <br> ant-junit <br> antlr <br> aopalliance <br> apache-commons-beanutils <br> apache-commons-cli <br> apache-commons-codec <br> apache-commons-collections <br> apache-commons-collections4 <br> apache-commons-compress <br> apache-commons-configuration <br> apache-commons-daemon <br> apache-commons-dbcp <br> apache-commons-digester <br> apache-commons-httpclient <br> apache-commons-io <br> apache-commons-jexl <br> apache-commons-lang <br> apache-commons-lang3 <br> apache-commons-logging <br> apache-commons-net <br> apache-commons-parent <br> apache-commons-pool2 <br> apache-commons-vfs2 <br> apache-ivy <br> apache-parent <br> aqute-bnd <br> args4j <br> atinject <br> base64coder <br> bazel-workspaces <br> bcel <br> bea-stax <br> beust-jcommander <br> bnd-maven-plugin <br> boringssl <br> bouncycastle <br> bsf <br> bsh2 <br> byaccj <br> cal10n <br> cdi-api <br> cglib <br> cni <br> cri-o <br> easymock <br> ecj <br> envoy <br> felix-parent <br> felix-utils <br> fillup <br> gd <br> geronimo-specs <br> geronimo-specs-pom <br> glassfish-annotation-api <br> glassfish-el <br> glassfish-servlet-api <br> gnu-getopt <br> gnu-regexp <br> golang-packaging <br> google-guice <br> guava <br> guava20 <br> hamcrest <br> hawtjni-runtime <br> hsqldb <br> httpcomponents-client <br> httpcomponents-core <br> isorelax <br> jakarta-taglibs-standard <br> jansi <br> jansi-native <br> jarjar <br> java-cup <br> javacc <br> javacc-bootstrap <br> javamail <br> javassist <br> jboss-interceptors-1.2-api <br> jdepend <br> jdependency <br> jdom <br> jflex <br> jflex-bootstrap <br> jlex <br> jline <br> jna <br> jsch <br> jsch-agent-proxy <br> jsoup <br> jsr-305 <br> jtidy <br> junit <br> junitperf <br> jzlib <br> kured <br> libcontainers-common <br> libva <br> libvdpau <br> lynx <br> maven <br> maven-antrun-plugin <br> maven-archiver <br> maven-artifact-resolver <br> maven-artifact-transfer <br> maven-assembly-plugin <br> maven-common-artifact-filters <br> maven-compiler-plugin <br> maven-dependency-tree <br> maven-doxia <br> maven-doxia-sitetools <br> maven-enforcer <br> maven-file-management <br> maven-filtering <br> maven-invoker <br> maven-invoker-plugin <br> maven-jar-plugin <br> maven-javadoc-plugin <br> maven-parent <br> maven-plugin-build-helper <br> maven-plugin-bundle <br> maven-plugin-plugin <br> maven-plugin-plugin-bootstrap <br> maven-plugin-testing <br> maven-plugin-tools <br> maven-plugins-pom <br> maven-remote-resources-plugin <br> maven-reporting-api <br> maven-reporting-impl <br> maven-resolver <br> maven-resources-plugin <br> maven-script-interpreter <br> maven-shade-plugin <br> maven-shared <br> maven-shared-incremental <br> maven-shared-io <br> maven-shared-utils <br> maven-source-plugin <br> maven-surefire <br> maven-surefire-plugins <br> maven-verifier <br> maven-wagon <br> mockito <br> modello <br> modello-maven-plugin <br> mojo-parent <br> objectweb-anttask <br> objectweb-asm <br> objenesis <br> oprofile <br> oro <br> osgi-annotation <br> osgi-compendium <br> osgi-core <br> parboiled <br> patterns-ceph-containers <br> pegdown <br> plexus-ant-factory <br> plexus-archiver <br> plexus-bsh-factory <br> plexus-build-api <br> plexus-cipher <br> plexus-classworlds <br> plexus-cli <br> plexus-compiler <br> plexus-component-api <br> plexus-component-metadata <br> plexus-containers <br> plexus-i18n <br> plexus-interactivity <br> plexus-interpolation <br> plexus-io <br> plexus-languages <br> plexus-metadata-generator <br> plexus-pom <br> plexus-resources <br> plexus-sec-dispatcher <br> plexus-utils <br> plexus-velocity <br> psl-make-dafsa <br> publicsuffix <br> qdox <br> regexp <br> relaxngDatatype <br> rhino <br> ripgrep <br> rook <br> servletapi4 <br> servletapi5 <br> sisu <br> slf4j <br> slf4j-sources <br> snakeyaml <br> testng <br> trilead-ssh2 <br> velocity <br> xalan-j2 <br> xbean <br> xcursor-themes <br> xerces-j2 <br> xml-commons-apis <br> xml-commons-resolver <br> xmldb-api <br> xmlunit <br> xmvn <br> xmvn-connector-aether <br> xmvn-connector-ivy <br> xmvn-mojo <br> xmvn-tools <br> xpp2 <br> xpp3 <br> xz-java |
+| OpenSUSE | Following [openSUSE guidelines](https://en.opensuse.org/openSUSE:Specfile_guidelines#Specfile_Licensing) | ant <br> ant-antlr <br> ant-junit <br> antlr <br> aopalliance <br> apache-commons-beanutils <br> apache-commons-cli <br> apache-commons-codec <br> apache-commons-collections <br> apache-commons-collections4 <br> apache-commons-compress <br> apache-commons-configuration <br> apache-commons-daemon <br> apache-commons-dbcp <br> apache-commons-digester <br> apache-commons-httpclient <br> apache-commons-io <br> apache-commons-jexl <br> apache-commons-lang <br> apache-commons-lang3 <br> apache-commons-logging <br> apache-commons-net <br> apache-commons-parent <br> apache-commons-pool2 <br> apache-commons-vfs2 <br> apache-ivy <br> apache-parent <br> aqute-bnd <br> args4j <br> atinject <br> base64coder <br> bazel-workspaces <br> bcel <br> bea-stax <br> beust-jcommander <br> bnd-maven-plugin <br> bouncycastle <br> bsf <br> bsh2 <br> byaccj <br> cal10n <br> cdi-api <br> cglib <br> cni <br> cri-o <br> easymock <br> ecj <br> envoy <br> felix-parent <br> felix-utils <br> fillup <br> gd <br> geronimo-specs <br> geronimo-specs-pom <br> glassfish-annotation-api <br> glassfish-el <br> glassfish-servlet-api <br> gnu-getopt <br> gnu-regexp <br> golang-packaging <br> google-guice <br> guava <br> guava20 <br> hamcrest <br> hawtjni-runtime <br> hsqldb <br> httpcomponents-client <br> httpcomponents-core <br> isorelax <br> jakarta-taglibs-standard <br> jansi <br> jansi-native <br> jarjar <br> java-cup <br> javacc <br> javacc-bootstrap <br> javamail <br> javassist <br> jboss-interceptors-1.2-api <br> jdepend <br> jdependency <br> jdom <br> jflex <br> jflex-bootstrap <br> jlex <br> jline <br> jna <br> jsch <br> jsch-agent-proxy <br> jsoup <br> jsr-305 <br> jtidy <br> junit <br> junitperf <br> jzlib <br> kured <br> libcontainers-common <br> libva <br> libvdpau <br> lynx <br> maven <br> maven-antrun-plugin <br> maven-archiver <br> maven-artifact-resolver <br> maven-artifact-transfer <br> maven-assembly-plugin <br> maven-common-artifact-filters <br> maven-compiler-plugin <br> maven-dependency-tree <br> maven-doxia <br> maven-doxia-sitetools <br> maven-enforcer <br> maven-file-management <br> maven-filtering <br> maven-invoker <br> maven-invoker-plugin <br> maven-jar-plugin <br> maven-javadoc-plugin <br> maven-parent <br> maven-plugin-build-helper <br> maven-plugin-bundle <br> maven-plugin-plugin <br> maven-plugin-plugin-bootstrap <br> maven-plugin-testing <br> maven-plugin-tools <br> maven-plugins-pom <br> maven-remote-resources-plugin <br> maven-reporting-api <br> maven-reporting-impl <br> maven-resolver <br> maven-resources-plugin <br> maven-script-interpreter <br> maven-shade-plugin <br> maven-shared <br> maven-shared-incremental <br> maven-shared-io <br> maven-shared-utils <br> maven-source-plugin <br> maven-surefire <br> maven-surefire-plugins <br> maven-verifier <br> maven-wagon <br> mockito <br> modello <br> modello-maven-plugin <br> mojo-parent <br> objectweb-anttask <br> objectweb-asm <br> objenesis <br> oprofile <br> oro <br> osgi-annotation <br> osgi-compendium <br> osgi-core <br> parboiled <br> patterns-ceph-containers <br> pegdown <br> plexus-ant-factory <br> plexus-archiver <br> plexus-bsh-factory <br> plexus-build-api <br> plexus-cipher <br> plexus-classworlds <br> plexus-cli <br> plexus-compiler <br> plexus-component-api <br> plexus-component-metadata <br> plexus-containers <br> plexus-i18n <br> plexus-interactivity <br> plexus-interpolation <br> plexus-io <br> plexus-languages <br> plexus-metadata-generator <br> plexus-pom <br> plexus-resources <br> plexus-sec-dispatcher <br> plexus-utils <br> plexus-velocity <br> psl-make-dafsa <br> publicsuffix <br> qdox <br> regexp <br> relaxngDatatype <br> rhino <br> ripgrep <br> rook <br> servletapi4 <br> servletapi5 <br> sisu <br> slf4j <br> slf4j-sources <br> snakeyaml <br> testng <br> trilead-ssh2 <br> velocity <br> xalan-j2 <br> xbean <br> xcursor-themes <br> xerces-j2 <br> xml-commons-apis <br> xml-commons-resolver <br> xmldb-api <br> xmlunit <br> xmvn <br> xmvn-connector-aether <br> xmvn-connector-ivy <br> xmvn-mojo <br> xmvn-tools <br> xpp2 <br> xpp3 <br> xz-java |
 | Photon | [Photon License](LICENSE-PHOTON.md) and [Photon Notice](NOTICE.APACHE2). <br>  Also see [LICENSE-EXCEPTIONS.PHOTON](LICENSE-EXCEPTIONS.PHOTON). | acl <br> alsa-lib <br> alsa-utils <br> ansible <br> apparmor <br> apr <br> apr-util <br> asciidoc <br> atftp <br> audit <br> autoconf <br> autoconf-archive <br> autofs <br> autogen <br> automake <br> babel <br> bash <br> bc <br> bcc <br> bind <br> binutils <br> bison <br> blktrace <br> boost <br> bridge-utils <br> btrfs-progs <br> bubblewrap <br> build-essential <br> bzip2 <br> c-ares <br> cairo <br> cassandra <br> cdrkit <br> check <br> chkconfig <br> chrpath <br> cifs-utils <br> clang <br> cloud-init <br> cloud-utils-growpart <br> cmake <br> cni-plugins <br> core-packages <br> coreutils <br> cpio <br> cppunit <br> cracklib <br> crash <br> crash-gcore-command <br> createrepo_c <br> cri-tools <br> cronie <br> curl <br> cyrus-sasl <br> dbus <br> dbus-glib <br> dejagnu <br> device-mapper-multipath <br> dhcp <br> dialog <br> diffutils <br> dkms <br> dmidecode <br> dnsmasq <br> docbook-dtd-xml <br> docbook-style-xsl <br> dosfstools <br> dracut <br> dstat <br> e2fsprogs <br> ed <br> efibootmgr <br> efivar <br> elfutils <br> erlang <br> etcd-3.4.13 <br> etcd-3.5.0 <br> ethtool <br> expat <br> expect <br> fcgi <br> file <br> filesystem <br> findutils <br> finger <br> flex <br> fontconfig <br> fping <br> freetype <br> fuse <br> gawk <br> gc <br> gcc <br> gdb <br> gdbm <br> gettext <br> git <br> glib <br> glib-networking <br> glibc <br> glibmm <br> gmp <br> gnome-common <br> gnupg2 <br> gnuplot <br> gnutls <br> gobject-introspection <br> golang-1.17 <br> gperf <br> gperftools <br> gpgme <br> gptfdisk <br> grep <br> groff <br> grub2 <br> gtest <br> gtk-doc <br> guile <br> gzip <br> haproxy <br> harfbuzz <br> haveged <br> hdparm <br> http-parser <br> httpd <br> i2c-tools <br> iana-etc <br> icu <br> initramfs <br> initscripts <br> inotify-tools <br> intltool <br> iotop <br> iperf3 <br> iproute <br> ipset <br> iptables <br> iputils <br> ipvsadm <br> ipxe <br> irqbalance <br> itstool <br> jansson <br> jq <br> json-c <br> json-glib <br> kbd <br> keepalived <br> kernel <br> kernel-headers <br> kernel-rt <br> keyutils <br> kmod <br> krb5 <br> lapack <br> less <br> libaio <br> libarchive <br> libassuan <br> libatomic_ops <br> libcap <br> libcap-ng <br> libconfig <br> libdb <br> libdnet <br> libedit <br> libestr <br> libevent <br> libfastjson <br> libffi <br> libgcrypt <br> libgpg-error <br> libgssglue <br> libgsystem <br> libgudev <br> libjpeg-turbo <br> libksba <br> liblogging <br> libmbim <br> libmnl <br> libmodulemd <br> libmpc <br> libmspack <br> libndp <br> libnetfilter_conntrack <br> libnetfilter_cthelper <br> libnetfilter_cttimeout <br> libnetfilter_queue <br> libnfnetlink <br> libnftnl <br> libnl3 <br> libnsl2 <br> libpcap <br> libpipeline <br> libpng <br> libpsl <br> libqmi <br> librelp <br> librepo <br> librsync <br> libseccomp <br> libselinux <br> libsepol <br> libserf <br> libsigc++30 <br> libsolv <br> libsoup <br> libssh2 <br> libtalloc <br> libtar <br> libtasn1 <br> libtiff <br> libtirpc <br> libtool <br> libunistring <br> libunwind <br> libusb <br> libvirt <br> libwebp <br> libxml2 <br> libxslt <br> libyaml <br> linux-firmware <br> lldb <br> lldpad <br> llvm <br> lm-sensors <br> lmdb <br> log4cpp <br> logrotate <br> lshw <br> lsof <br> lsscsi <br> ltrace <br> lttng-tools <br> lttng-ust <br> lvm2 <br> lz4 <br> lzo <br> m2crypto <br> m4 <br> make <br> man-db <br> man-pages <br> mariadb <br> mc <br> mercurial <br> meson <br> mlocate <br> ModemManager <br> mozjs <br> mpfr <br> msr-tools <br> mysql <br> nano <br> nasm <br> ncurses <br> ndctl <br> net-snmp <br> net-tools <br> nettle <br> newt <br> nfs-utils <br> nghttp2 <br> nginx <br> ninja-build <br> nodejs <br> npth <br> nspr <br> nss <br> nss-altfiles <br> ntp <br> numactl <br> numpy <br> nvme-cli <br> oniguruma <br> OpenIPMI <br> openldap <br> openscap <br> openssh <br> openvswitch <br> ostree <br> pam <br> pango <br> parted <br> patch <br> pciutils <br> pcre <br> perl-Canary-Stability <br> perl-CGI <br> perl-common-sense <br> perl-Crypt-SSLeay <br> perl-DBD-SQLite <br> perl-DBI <br> perl-DBIx-Simple <br> perl-Exporter-Tiny <br> perl-File-HomeDir <br> perl-File-Which <br> perl-IO-Socket-SSL <br> perl-JSON-Any <br> perl-JSON-XS <br> perl-libintl-perl <br> perl-List-MoreUtils <br> perl-Module-Build <br> perl-Module-Install <br> perl-Module-ScanDeps <br> perl-Net-SSLeay <br> perl-NetAddr-IP <br> perl-Object-Accessor <br> perl-Path-Class <br> perl-Try-Tiny <br> perl-Types-Serialiser <br> perl-WWW-Curl <br> perl-XML-Parser <br> perl-YAML <br> perl-YAML-Tiny <br> pgbouncer <br> pinentry <br> polkit <br> popt <br> postgresql <br> powershell <br> procps-ng <br> protobuf <br> protobuf-c <br> psmisc <br> pth <br> pyasn1-modules <br> pyOpenSSL <br> PyPAM <br> pyparsing <br> pytest <br> python-appdirs <br> python-asn1crypto <br> python-atomicwrites <br> python-attrs <br> python-bcrypt <br> python-boto3 <br> python-botocore <br> python-certifi <br> python-cffi <br> python-chardet <br> python-configobj <br> python-constantly <br> python-coverage <br> python-cryptography <br> python-daemon <br> python-dateutil <br> python-defusedxml <br> python-distro <br> python-docopt <br> python-docutils <br> python-ecdsa <br> python-gevent <br> python-greenlet <br> python-hyperlink <br> python-hypothesis <br> python-idna <br> python-imagesize <br> python-incremental <br> python-iniparse <br> python-ipaddr <br> python-jinja2 <br> python-jmespath <br> python-jsonpatch <br> python-jsonpointer <br> python-jsonschema <br> python-lockfile <br> python-lxml <br> python-m2r <br> python-mako <br> python-markupsafe <br> python-mistune <br> python-msgpack <br> python-netaddr <br> python-netifaces <br> python-ntplib <br> python-oauthlib <br> python-packaging <br> python-pam <br> python-pbr <br> python-pip <br> python-ply <br> python-prettytable <br> python-psutil <br> python-psycopg2 <br> python-py <br> python-pyasn1 <br> python-pycodestyle <br> python-pycparser <br> python-pycurl <br> python-pygments <br> python-pynacl <br> python-pyvmomi <br> python-requests <br> python-setuptools <br> python-setuptools_scm <br> python-simplejson <br> python-six <br> python-snowballstemmer <br> python-sphinx <br> python-sphinx-theme-alabaster <br> python-sqlalchemy <br> python-twisted <br> python-urllib3 <br> python-vcversioner <br> python-virtualenv <br> python-wcwidth <br> python-webob <br> python-websocket-client <br> python-werkzeug <br> python-zope-interface <br> python2 <br> python3 <br> pytz <br> PyYAML <br> rapidjson <br> readline <br> redis <br> rng-tools <br> rpcbind <br> rpcsvc-proto <br> rpm <br> rpm-ostree <br> rrdtool <br> rsync <br> rsyslog <br> ruby <br> rubygem-bundler <br> rust <br> scons <br> sed <br> sg3_utils <br> shadow-utils <br> slang <br> snappy <br> socat <br> sqlite <br> sshpass <br> strace <br> strongswan <br> subversion <br> sudo <br> swig <br> syslinux <br> syslog-ng <br> sysstat <br> systemd <br> systemd-bootstrap <br> systemtap <br> tar <br> tcl <br> tcpdump <br> tcsh <br> tdnf <br> telegraf <br> texinfo <br> tmux <br> tpm2-abrmd <br> tpm2-tools <br> tpm2-tss <br> traceroute <br> tree <br> trousers <br> tzdata <br> unbound <br> unixODBC <br> unzip <br> usbutils <br> userspace-rcu <br> utf8proc <br> util-linux <br> valgrind <br> vim <br> vsftpd <br> WALinuxAgent <br> wget <br> which <br> wpa_supplicant <br> xerces-c <br> xfsprogs <br> xinetd <br> xmlsec1 <br> xmlto <br> xz <br> zchunk <br> zeromq <br> zip <br> zlib <br> zsh |
diff --git a/SPECS/LICENSES-AND-NOTICES/data/licenses.json b/SPECS/LICENSES-AND-NOTICES/data/licenses.json
index d15e0adf287..0d42a4f8455 100644
--- a/SPECS/LICENSES-AND-NOTICES/data/licenses.json
+++ b/SPECS/LICENSES-AND-NOTICES/data/licenses.json
@@ -2497,7 +2497,6 @@
                 "bea-stax",
                 "beust-jcommander",
                 "bnd-maven-plugin",
-                "boringssl",
                 "bouncycastle",
                 "bsf",
                 "bsh2",
diff --git a/SPECS/boringssl/0002-crypto-Fix-aead_test-build-on-aarch64.patch b/SPECS/boringssl/0002-crypto-Fix-aead_test-build-on-aarch64.patch
deleted file mode 100644
index 4be7fc7d31a..00000000000
--- a/SPECS/boringssl/0002-crypto-Fix-aead_test-build-on-aarch64.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From d16b362b228ebee5c16ae6c214a50348e9e963b9 Mon Sep 17 00:00:00 2001
-From: Michal Rostecki <mrostecki@opensuse.org>
-Date: Thu, 25 Apr 2019 16:11:28 +0200
-Subject: [PATCH] crypto: Fix aead_test build on aarch64
-
-aarch64 does not allow allignments larger than 16 bytes.
-
-Before this change, `aead_test.cc` build on aarch64 was failing with the
-following errors:
-
-aead_test.cc:543:54: error: requested alignment 64 is larger than 16 [-Werror=attributes]
-   alignas(64) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH + 1];
-aead_test.cc:544:58: error: requested alignment 64 is larger than 16 [-Werror=attributes]
-   alignas(64) uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH + 1];
-aead_test.cc:545:39: error: requested alignment 64 is larger than 16 [-Werror=attributes]
-   alignas(64) uint8_t plaintext[32 + 1];
-aead_test.cc:546:32: error: requested alignment 64 is larger than 16 [-Werror=attributes]
-   alignas(64) uint8_t ad[32 + 1];
-aead_test.cc:564:75: error: requested alignment 64 is larger than 16 [-Werror=attributes]
-   alignas(64) uint8_t ciphertext[sizeof(plaintext) + EVP_AEAD_MAX_OVERHEAD];
-aead_test.cc:572:45: error: requested alignment 64 is larger than 16 [-Werror=attributes]
-   alignas(64) uint8_t out[sizeof(ciphertext)];
-aead_test.cc:586:50: error: requested alignment 64 is larger than 16 [-Werror=attributes]
-   alignas(64) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
-                                                  ^
-
-Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
-Change-Id: Iac2c6810fa260ad214abde8db733793ac914acda
----
- src/crypto/cipher_extra/aead_test.cc | 20 +++++++++++++-------
- 1 file changed, 13 insertions(+), 7 deletions(-)
-
-Index: boringssl-20200122/src/crypto/cipher_extra/aead_test.cc
-===================================================================
---- boringssl-20200122.orig/src/crypto/cipher_extra/aead_test.cc
-+++ boringssl-20200122/src/crypto/cipher_extra/aead_test.cc
-@@ -29,6 +29,12 @@
- #include "../test/test_util.h"
- #include "../test/wycheproof_util.h"
- 
-+#if defined(OPENSSL_AARCH64)
-+#define ALIGN_BYTES 16
-+#else
-+#define ALIGN_BYTES 64
-+#endif
-+
- 
- struct KnownAEAD {
-   const char name[40];
diff --git a/SPECS/boringssl/0003-enable-s390x-builds.patch b/SPECS/boringssl/0003-enable-s390x-builds.patch
deleted file mode 100644
index 8825d18885c..00000000000
--- a/SPECS/boringssl/0003-enable-s390x-builds.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 47c30871e5c56a2d6578fedd89e52b10e5580558 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
-Date: Wed, 4 Dec 2019 08:19:54 +0100
-Subject: [PATCH 3/4] enable s390x builds
-
-similar to the aarch64 patch, covering
-- recognition of architecture
-- adapting memory alignment
----
- CMakeLists.txt                       | 2 ++
- src/crypto/cipher_extra/aead_test.cc | 2 ++
- src/crypto/poly1305/poly1305_test.cc | 9 +++++++--
- src/include/openssl/base.h           | 3 +++
- 4 files changed, 14 insertions(+), 2 deletions(-)
-
-Index: boringssl-20200122/CMakeLists.txt
-===================================================================
---- boringssl-20200122.orig/CMakeLists.txt
-+++ boringssl-20200122/CMakeLists.txt
-@@ -93,6 +93,8 @@ elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUA
-   set(ARCH "generic")
- elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "ppc64le")
-   set(ARCH "ppc64le")
-+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "s390x")
-+  set(ARCH "s390x")
- else()
-   message(FATAL_ERROR "Unknown processor:" ${CMAKE_SYSTEM_PROCESSOR})
- endif()
-Index: boringssl-20200122/src/crypto/cipher_extra/aead_test.cc
-===================================================================
---- boringssl-20200122.orig/src/crypto/cipher_extra/aead_test.cc
-+++ boringssl-20200122/src/crypto/cipher_extra/aead_test.cc
-@@ -31,6 +31,8 @@
- 
- #if defined(OPENSSL_AARCH64)
- #define ALIGN_BYTES 16
-+#elif defined(OPENSSL_S390X)
-+#define ALIGN_BYTES 8
- #else
- #define ALIGN_BYTES 64
- #endif
-Index: boringssl-20200122/src/crypto/poly1305/poly1305_test.cc
-===================================================================
---- boringssl-20200122.orig/src/crypto/poly1305/poly1305_test.cc
-+++ boringssl-20200122/src/crypto/poly1305/poly1305_test.cc
-@@ -25,6 +25,11 @@
- #include "../test/file_test.h"
- #include "../test/test_util.h"
- 
-+#if defined(OPENSSL_S390X)
-+#define ALIGN_BYTES 8
-+#else
-+#define ALIGN_BYTES 16
-+#endif
- 
- static void TestSIMD(unsigned excess, const std::vector<uint8_t> &key,
-                      const std::vector<uint8_t> &in,
-Index: boringssl-20200122/src/include/openssl/base.h
-===================================================================
---- boringssl-20200122.orig/src/include/openssl/base.h
-+++ boringssl-20200122/src/include/openssl/base.h
-@@ -99,6 +99,9 @@ extern "C" {
- #elif (defined(__PPC64__) || defined(__powerpc64__)) && defined(_LITTLE_ENDIAN)
- #define OPENSSL_64_BIT
- #define OPENSSL_PPC64LE
-+#elif defined(__S390X__) || defined(__s390x__)
-+#define OPENSSL_64_BIT
-+#define OPENSSL_S390X
- #elif defined(__mips__) && !defined(__LP64__)
- #define OPENSSL_32_BIT
- #define OPENSSL_MIPS
diff --git a/SPECS/boringssl/0004-fix-alignment-for-ppc64le.patch b/SPECS/boringssl/0004-fix-alignment-for-ppc64le.patch
deleted file mode 100644
index 0d63dd8a2df..00000000000
--- a/SPECS/boringssl/0004-fix-alignment-for-ppc64le.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From c1f2622b3431ba2b57d1ba78695d40fad16ed2dd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
-Date: Wed, 4 Dec 2019 08:23:17 +0100
-Subject: [PATCH 4/4] fix alignment for ppc64le
-
----
- src/crypto/cipher_extra/aead_test.cc | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc
-index 4c079e843321..2c7e116a4aad 100644
---- a/src/crypto/cipher_extra/aead_test.cc
-+++ b/src/crypto/cipher_extra/aead_test.cc
-@@ -29,7 +29,7 @@
- #include "../test/test_util.h"
- #include "../test/wycheproof_util.h"
- 
--#if defined(OPENSSL_AARCH64)
-+#if defined(OPENSSL_AARCH64) || defined(OPENSSL_PPC64LE)
- #define ALIGN_BYTES 16
- #elif defined(OPENSSL_S390X)
- #define ALIGN_BYTES 8
--- 
-2.24.0
-
diff --git a/SPECS/boringssl/0005-fix-alignment-for-arm.patch b/SPECS/boringssl/0005-fix-alignment-for-arm.patch
deleted file mode 100644
index 844fa1370a9..00000000000
--- a/SPECS/boringssl/0005-fix-alignment-for-arm.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -purN boringssl-20190916.orig/crypto/cipher_extra/aead_test.cc boringssl-20190916/crypto/cipher_extra/aead_test.cc
---- boringssl-20190916.orig/src/crypto/cipher_extra/aead_test.cc	2020-03-10 20:57:53.383996634 +0100
-+++ boringssl-20190916/src/crypto/cipher_extra/aead_test.cc	2020-03-10 20:59:03.108731229 +0100
-@@ -31,7 +31,7 @@
- 
- #if defined(OPENSSL_AARCH64) || defined(OPENSSL_PPC64LE)
- #define ALIGN_BYTES 16
--#elif defined(OPENSSL_S390X)
-+#elif defined(OPENSSL_S390X) || defined(OPENSSL_ARM)
- #define ALIGN_BYTES 8
- #else
- #define ALIGN_BYTES 64
-diff -purN boringssl-20190916.orig/crypto/poly1305/poly1305_test.cc boringssl-20190916/crypto/poly1305/poly1305_test.cc
---- boringssl-20190916.orig/src/crypto/poly1305/poly1305_test.cc	2020-03-10 20:57:53.363996424 +0100
-+++ boringssl-20190916/src/crypto/poly1305/poly1305_test.cc	2020-03-10 21:08:32.606731399 +0100
-@@ -25,7 +25,7 @@
- #include "../test/file_test.h"
- #include "../test/test_util.h"
- 
--#if defined(OPENSSL_S390X)
-+#if defined(OPENSSL_S390X) || defined(OPENSSL_ARM)
- #define ALIGN_BYTES 8
- #else
- #define ALIGN_BYTES 16
diff --git a/SPECS/boringssl/boringssl.signatures.json b/SPECS/boringssl/boringssl.signatures.json
deleted file mode 100644
index e7b3352b0db..00000000000
--- a/SPECS/boringssl/boringssl.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "boringssl-20200921.tar.gz": "f4e9d639bbe4efea0c39051a43636a2091defd0b4baf63467c284b1e56f473ee"
- }
-}
\ No newline at end of file
diff --git a/SPECS/boringssl/boringssl.spec b/SPECS/boringssl/boringssl.spec
deleted file mode 100644
index 6de18294a2a..00000000000
--- a/SPECS/boringssl/boringssl.spec
+++ /dev/null
@@ -1,1118 +0,0 @@
-#
-# spec file for package boringssl
-#
-# Copyright (c) 2021 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-%define _binaries_in_noarch_packages_terminate_build 0
-%define sover 1
-%define libname libboringssl%{sover}
-%define src_install_dir %{_prefix}/src/%{name}
-Summary:        An SSL/TLS protocol implementation
-Name:           boringssl
-Version:        20200921
-Release:        3%{?dist}
-License:        OpenSSL
-Vendor:         Microsoft Corporation
-Distribution:   Mariner
-Group:          Development/Sources
-URL:            https://boringssl.googlesource.com/boringssl/
-#Source0:       https://boringssl.googlesource.com/boringssl/+archive/3743aafdacff2f7b083615a043a37101f740fa53.tar.gz
-Source0:        %{name}-%{version}.tar.gz
-Patch0:         0002-crypto-Fix-aead_test-build-on-aarch64.patch
-Patch1:         0003-enable-s390x-builds.patch
-Patch2:         0004-fix-alignment-for-ppc64le.patch
-Patch3:         0005-fix-alignment-for-arm.patch
-BuildRequires:  cmake >= 3.0
-BuildRequires:  fdupes
-BuildRequires:  gcc-c++
-BuildRequires:  go
-BuildRequires:  libunwind-devel
-BuildRequires:  ninja-build
-BuildRequires:  patchelf
-ExclusiveArch:  x86_64 aarch64
-
-%description
-BoringSSL is an implementation of the Secure Sockets Layer (SSL) and
-Transport Layer Security (TLS) protocols, derived from OpenSSL.
-
-%package -n %{libname}
-Summary:        An SSL/TLS protocol implementation
-Group:          System/Libraries
-Recommends:     ca-certificates-mozilla
-
-%description -n %{libname}
-BoringSSL is an implementation of the Secure Sockets Layer (SSL) and
-Transport Layer Security (TLS) protocols, derived from OpenSSL.
-
-%package devel
-Summary:        Development files for BoringSSL
-Group:          Development/Libraries/C and C++
-Requires:       %{libname} = %{version}
-
-%description devel
-Development files for BoringSSL - an implementation of the Secure
-Sockets Layer (SSL) and Transport Layer Security (TLS) protocols,
-derived from OpenSSL.
-
-%package source
-Summary:        Source code of BoringSSL
-Group:          Development/Sources
-BuildArch:      noarch
-
-%description source
-Source files for BoringSSL implementation
-
-%prep
-%setup -q -c -n %{name}-%{version}
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-
-%build
-%cmake \
-  -DCMAKE_SHARED_LINKER_FLAGS="%{?build_ldflags} -Wl,--as-needed -Wl,-z,now"
-%cmake_build
-
-%install
-# Install libraries
-install -D -m0755 ./libcrypto.so %{buildroot}%{_libdir}/libboringssl_crypto.so.%{sover}
-install -D -m0755 ./libssl.so %{buildroot}%{_libdir}/libboringssl_ssl.so.%{sover}
-# Add SOVER to SONAME fields in libraries
-patchelf --set-soname libboringssl_crypto.so.%{sover} %{buildroot}%{_libdir}/libboringssl_crypto.so.%{sover}
-patchelf --set-soname libboringssl_ssl.so.%{sover} %{buildroot}%{_libdir}/libboringssl_ssl.so.%{sover}
-# Create links from *.so to *.so.SOVER
-ln -sf libboringssl_crypto.so.%{sover} %{buildroot}%{_libdir}/libboringssl_crypto.so
-ln -sf libboringssl_ssl.so.%{sover} %{buildroot}%{_libdir}/libboringssl_ssl.so
-
-# Install sources
-rm -rf build/
-mkdir -p %{buildroot}%{src_install_dir}
-cp -r * %{buildroot}%{src_install_dir}
-%fdupes %{buildroot}%{src_install_dir}
-# Fix arch-independent-package-contains-binary-or-object
-find %{buildroot}%{src_install_dir} -type f \( -name "*.a" -o -name "*.lib" -o -name "*.o" \) -exec rm -f "{}" +
-# Fix non-executable-script warning.
-find %{buildroot}%{src_install_dir} -type f -name "*.sh" -exec chmod +x "{}" +
-# Fix env-script-interpreter error.
-find %{buildroot}%{src_install_dir} -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!%{_bindir}/perl|' "{}" +
-find %{buildroot}%{src_install_dir} -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!%{_bindir}/python3|' "{}" +
-find %{buildroot}%{src_install_dir} -type f -name "*.sh" -exec sed -i 's|#!.*/usr/bin/env bash|#!/bin/bash|' "{}" +
-
-# To avoid conflicts with openssl development files, change all includes from
-# openssl to boringssl.
-# BoringSSL headers provided by this pachage are installed in
-# /usr/include/boringssl for the same reason.
-find src/include/openssl -type f -exec sed -i 's/openssl/boringssl/' "{}" +
-
-find src/include/openssl -type f -execdir install -D -m0644 "{}" "%{buildroot}%{_includedir}/boringssl/{}" \;
-
-%post -n %{libname} -p /sbin/ldconfig
-%postun -n %{libname} -p /sbin/ldconfig
-
-%files -n %{libname}
-%doc src/README.md
-%license LICENSE
-%{_libdir}/libboringssl_crypto.so.%{sover}
-%{_libdir}/libboringssl_ssl.so.%{sover}
-
-%files devel
-%{_includedir}/boringssl
-%{_libdir}/libboringssl_crypto.so
-%{_libdir}/libboringssl_ssl.so
-
-%files source
-%{src_install_dir}
-
-%changelog
-
-* Tue Nov 30 2021 Mateusz Malisz <mamalisz@microsoft.com> - 20200921-3
-- Unify macro syntax used in the spec.
-
-* Tue Oct 12 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200921-2
-- Switching to using a single digit for the 'Release' tag.
-
-* Thu Jun 10 2021 Henry Li <lihl@microsoft.com> - 20200921-1.2
-- Initial CBL-Mariner import from openSUSE Tumbleweed (license: same as "License" tag).
-- License Verified
-- Fix Source URL
-- Change build requirement from ninja to ninja-build
-- Modify location of shared library files
-- Add _binaries_in_noarch_packages_terminate_build definition to resolve arch dependent binary error
-- Remove unsupported architectures in CBL-Mariner from ExclusiveArch list
-
-* Mon May 17 2021 mrostecki@suse.com
-- Update to version 20200921 (fixes bsc#1183836, bsc#1181866):
-  * Add SSL_CIPHER_get_protocol_id.
-  * Add TrustTokenV2.
-  * Add X509_get_pathlen and X509_REVOKED_get0_extensions.
-  * Add some accommodations for FreeRDP
-  * Require non-NULL store in X509_STORE_CTX_init.
-  * Const-correct X509V3_CONF_METHOD.
-  * Avoid unions in X509_NAME logic.
-  * Bump OPENSSL_VERSION_NUMBER to 1.1.1.
-  * Document more of x509.h.
-  * Fix potential leak in bssl::Array::Shrink.
-  * Remove ASN1_STRING_length_set.
-  * Revert "Check AlgorithmIdentifier parameters for RSA and ECDSA signatures."
-  * Implement PSK variants of HPKE setup functions.
-  * acvp: support working with files.
-  * Document a few more functions in x509.h.
-  * Add subject key ID and authority key ID accessors.
-  * Remove sxnet and pkey_usage_period extensions.
-  * Const-correct various X509 functions.
-  * Make X509_set_not{Before,After} functions rather than macros.
-  * Add X509_get0_uids from OpenSSL 1.1.0.
-  * Bound RSA and DSA key sizes better.
-  * Add set1 versions of X509 timestamp setters.
-  * Consistently sort generated build files.
-  * delocate: use 64-bit GOT offsets in the large memory model.
-  * Update HPKE implementation and test vectors to draft-irtf-cfrg-hpke-05.
-  * Handle NULL arguments in some i2d_* functions.
-  * aarch64: support BTI and pointer authentication in assembly
-  * Support delegated credentials verison 06
-  * delocation: large memory model support.
-  * Enforce presence of ALPN when QUIC is in use.
-  * Fix the naming of alert error codes.
-  * Use golang.org/x/crypto in runner.
-  * Disable ClientHello padding for QUIC.
-  * Add X509_SIG_get0 and X509_SIG_getm.
-  * Implement HPKE.
-  * Disallow TLS 1.3 compatibility mode in QUIC.
-  * Switch clang-format IncludeBlocks to Preserve.
-  * Fix unterminated clang-format off.
-  * Add line number to doc.go error messages.
-  * Kick the bots.
-  * Add a JSON output to generate_build_files.py.
-  * Add details of 20190808 FIPS certification.
-  * Link to ws2_32 more consistently.
-  * Allow explicitly-encoded X.509v1 versions for now.
-  * Opaquify PKCS8_PRIV_KEY_INFO.
-  * Implement i2d_PUBKEY and friends without crypto/asn1.
-  * Remove TRUST_TOKEN_experiment_v0.
-  * Clarify in-place rules for low-level AES mode functions.
-  * acvp: add CMAC-AES support.
-  * acvp: add SP800-108 KDF support.
-  * Remove x509->name.
-  * Maybe build for AArch64 Windows.
-  * sha1-x86_64: fix CFI.
-  * Use |crypto_word_t| and |size_t| more consistently in ECC scalar recoding.
-  * Enable shaext path for sha1.
-  * Avoid relying on SSL_get_session's behavior during the handshake.
-  * Add a -wait-for-debugger flag to runner.
-  * Add missing OPENSSL_EXPORT to X509_get_X509_PUBKEY.
-  * Const-correct various functions in crypto/asn1.
-  * Remove uneeded switch statement.
-  * Convert X.509 accessor macros to proper functions.
-  * Remove X509_CINF_get_issuer and X509_CINF_get_extensions.
-  * Remove X509_get_signature_type.
-  * clang-format x509.h and run comment converter.
-  * Check AlgorithmIdentifier parameters for RSA and ECDSA signatures.
-  * Remove some unimplemented prototypes.
-  * Check the X.509 version when parsing.
-  * Fix x509v3_cache_extensions error-handling.
-  * Work around Windows command-line limits in embed_test_data.go.
-  * Move crypto/x509 test data into its own directory.
-  * Test resumability of same, different, and default ticket keys.
-  * Fixes warning when redefining PATH_MAX when building with MINGW.
-  * Abstract fd operations better in tool.
-  * Use CMAKE_SIZEOF_VOID_P instead of CMAKE_CL_64
-  * Enforce the keyUsage extension in TLS 1.2 client certs.
-  * Reword some comments.
-  * Add “Z Computation” KAT.
-  * acvptool: handle negative sizeConstraint.
-  * Let memory hooks override the size prefix.
-  * acvptool: go fmt
-  * Assert md_size > 0.
-  * Remove -enable-ed25519 compat hack.
-  * Add a |SSL_process_tls13_new_session_ticket|.
-  * Use ctr32 optimizations for AES_ctr128_encrypt.
-  * Test AES mode wrappers.
-  * Bump minimum CMake version.
-  * Modify how QUIC 0-RTT go/no-go decision is made.
-  * Remove RAND_set_urandom_fd.
-  * Document that getrandom support must be consistent.
-  * Fix docs link for SSL_CTX_load_verify_locations
-  * Fix TRUST_TOKEN experiment_v1 SRR map.
-  * Add CRYPTO_pre_sandbox_init.
-  * Still query getauxval if reading /proc/cpuinfo fails.
-  * Add missing header to ec/wnaf.c
-  * Fix OPENSSL_TSAN typo.
-  * Fix p256-x86_64-table.h indentation.
-  * Enable avx2 implementation of sha1.
-  * Trim Z coordinates from the OPENSSL_SMALL P-256 tables.
-  * Use public multi-scalar mults in Trust Tokens where applicable.
-  * Use batched DLEQ proofs for Trust Token.
-  * Restrict when 0-RTT will be accepted in QUIC.
-  * Disable TLS 1.3 compatibility mode for QUIC.
-  * Use a 5-bit comb for some Trust Tokens multiplications.
-  * Use a (mostly) constant-time multi-scalar mult for Trust Tokens.
-  * Batch inversions in Trust Tokens.
-  * Rearrange the DLEQ logic slightly.
-  * Use token hash to encode private metadata for Trust Token Experiment V1.
-  * Introduce an EC_AFFINE abstraction.
-  * Make the fuzzer PRNG thread-safe.
-  * Disable fork-detect tests under TSAN.
-  * Introduce TRUST_TOKENS_experiment_v1.
-  * Route PMBToken calls through TRUST_TOKEN_METHOD.
-  * Introduce a TRUST_TOKEN_METHOD hook to select TRUST_TOKEN variations.
-  * fork_detect: be robust to qemu.
-  * Move serialization of points inside pmbtoken.c.
-  * Introduce PMBTOKENS key abstractions.
-  * Fix the types used in token counts.
-  * Remove unused code from ghash-x86_64.pl.
-  * Switch the P-384 hash-to-curve to draft-07.
-  * Add hash-to-curve code for P384.
-  * Write down the expressions for all the NIST primes.
-  * Move fork_detect files into rand/
-  * Harden against fork via MADV_WIPEONFORK.
-  * Fix typo in comment.
-  * Use faster addition chains for P-256 field inversion.
-  * Tidy up third_party/fiat.
-  * Prefix g_pre_comp in p256.c as well.
-  * Add missing curve check to ec_hash_to_scalar_p521_xmd_sha512.
-  * Add a tool to compare the output of bssl speed.
-  * Benchmark ECDH slightly more accurately.
-  * Align remaining Intel copyright notice.
-  * Don't retain T in PMBTOKEN_PRETOKEN.
-  * Check for trailing data in TRUST_TOKEN_CLIENT_finish_issuance.
-  * Properly namespace everything in third_party/fiat/p256.c.
-  * Update fiat-crypto.
-  * Add missing ERR_LIB_TRUST_TOKEN constants.
-  * Add bssl speed support for hashtocurve and trusttoken.
-  * Implement DLEQ checks for Trust Token.
-  * Fix error-handling in EVP_BytesToKey.
-  * Fix Trust Token CBOR.
-  * Match parameter names between header and source.
-  * Trust Token Implementation.
-  * Include mem.h for |CRYPTO_memcmp|
-  * acvptool: add subprocess tests.
-  * Add SHA-512-256.
-  * Make ec_GFp_simple_cmp constant-time.
-  * Tidy up CRYPTO_sysrand variants.
-  * Do a better job testing EC_POINT_cmp.
-  * Follow-up comments to hash_to_scalar.
-  * Add a hash_to_scalar variation of P-521's hash_to_field.
-  * Add SSL_SESSION_copy_without_early_data.
-  * Double-check secret EC point multiplications.
-  * Make ec_felem_equal constant-time.
-  * Fix hash-to-curve comment.
-  * Make ec_GFp_simple_is_on_curve constant-time.
-  * Implement draft-irtf-cfrg-hash-to-curve-06.
-  * Update list of tested SDE configurations.
-  * Only draw from RDRAND for additional_data if it's fast.
-  * Generalize bn_from_montgomery_small.
-  * Remove BIGNUM from uncompressed coordinate parsing.
-  * Add EC_RAW_POINT serialization function.
-  * Base EC_FELEM conversions on bytes rather than BIGNUMs.
-  * runner: Replace supportsVersions calls with allVersions.
-  * Enable QUIC for some perMessageTest runner tests
-  * Move BN_nnmod calls out of low-level group_set_curve.
-  * Clean up various EC inversion functions.
-  * Start to organize ec/internal.h a little.
-  * Fix CFI for AVX2 ChaCha20-Poly1305.
-  * Remove unused function prototype.
-  * Enable more runner tests for QUIC
-  * Require QUIC method with Transport Parameters and vice versa
-  * acvptool: support non-interactive mode.
-  * Add is_quic bit to SSL_SESSION
-  * Update SDE.
-  * Update tools.
-  * Add simpler getters for DH and DSA.
-  * Don't define default implementations for weak symbols.
-  * Don't automatically run all tests for ABI testing.
-  * Fix test build with recent Clang.
-  * Remove LCM dependency from RSA_check_key.
-  * Simplify bn_sub_part_words.
-  * No-op commit to test Windows SDE bots.
-  * ABI-test each AEAD.
-  * Add memory tracking and sanitization hooks
-  * Add X509_STORE_CTX_get0_chain.
-  * Add DH_set_length.
-  * Static assert that CRYPTO_MUTEX is sufficiently aligned.
-  * [bazel] Format toplevel BUILD file with buildifier
-  * Add |SSL_CTX_get0_chain|.
-  * Configure QUIC secrets inside set_{read,write}_state.
-  * Allow setting QUIC transport parameters after parsing the client's
-  * Fix comment for |BORINGSSL_self_test|.
-  * Trust Token Key Generation.
-  * Revise QUIC encryption secret APIs.
-  * Fix ec_point_mul_scalar_public's documentation.
-  * Don't infinite loop when QUIC tests fail.
-  * Tidy up transitions out of 0-RTT keys on the client.
-  * Remove bn_sub_part_words assembly.
-  * Keep the encryption state and encryption level in sync.
-  * Add ECDSA_SIG_get0_r and ECDSA_SIG_get0_s.
-  * Fix a couple of comment typos.
-  * Const-correct various X509_NAME APIs.
-  * Ignore old -enable-ed25519 flag.
-  * Provide __NR_getrandom fillins in urandom test too.
-  * Skip RSATest.DISABLED_BlindingCacheConcurrency in SDE.
-  * Fix client handling of 0-RTT rejects with cipher mismatch.
-  * runner: Tidy up 0-RTT support.
-  * Add X509_getm_notBefore and X509_getm_notAfter.
-  * Clean up TLS 1.3 handback logic.
-  * Require handshake flights end at record boundaries.
-  * Delete unreachable DTLS check.
-  * Rename TLS-specific functions to tls_foo from ssl3_foo.
-  * Rename ssl3_choose_cipher.
-  * SSL_apply_handback: don't choke on trailing data.
-  * ssl_test: test early data with split handshakes.
-  * Check for overflow in massive mallocs.
-  * Add more convenient RSA getters.
-  * Remove SSL_CTX_set_ed25519_enabled.
-  * Improve signature algorithm tests.
-  * bazel: explicitly load C++ rules
-  * Check enum values in handoff.
-  * Restore fuzz/cert_corpus.
-  * Add a -sigalgs option to bssl client.
-  * Add SSL_set_verify_algorithm_prefs.
-  * Switch verify sigalg pref functions to SSL_HANDSHAKE.
-  * Add SSL_AD_NO_APPLICATION_PROTOCOL
-  * Refresh corpora due to TLS 1.3 changes in handoff serialization.
-  * handoff: set |enable_early_data| as part of handback.
-  * Add 109 and 120 to SSL_alert_desc_string_long
-  * runner: enable split handshake tests for TLS 1.3.
-  * Make TLS 1.3 split handshakes work with early data.
-  * Split half-RTT tickets out into a separate TLS 1.3 state.
-  * Use BCryptGenRandom when building as Windows UWP app.
-
-* Thu May 28 2020 Jan Engelhardt <jengelh@inai.de>
-- Rectify groups.
-
-* Wed May 27 2020 Michał Rostecki <mrostecki@suse.com>
-- Remove patch for enabling shared linking - it was enabled
-  upstream.
-  * 0001-add-soversion-option.patch
-- Add boringssl-source subpackage.
-
-* Wed May 27 2020 mrostecki@suse.com
-- Update to version 20200122:
-  * Define EVP compatibility constants for X448 and Ed448.
-  * Allow shared libraries in the external CMake build.
-  * Add a few little-endian functions to CBS/CBB.
-  * Move iOS asm tricks up in external CMake build.
-  * Try again to deal with expensive tests.
-  * Restore ARM CPU variation tests on builders.
-  * Remove SSL_CTX_set_rsa_pss_rsae_certs_enabled.
-  * Work around another NULL/0 C language bug.
-  * Use the MAYBE/DISABLED pattern in RSATest.BlindingCacheConcurrency.
-  * Switch an #if-0-gated test to DISABLED_Foo.
-  * Proxy: send whole SSL records through the handshaker.
-  * Disable Wycheproof primality test cases on non-x86 (too slow)
-  * test_state.cc: serialize the test clock.
-  * Output after every Wycheproof primality test.
-  * Maybe fix generated-CMake build on Android and iOS.
-  * Detect the NDK path from CMAKE_TOOLCHAIN_FILE.
-  * Tell Go to build for GOOS=android when running on Android.
-  * Reland bitsliced aes_nohw implementation.
-  * Add bssl client option to load a hashed directory of cacerts.
-  * No-op change to run the new NO_SSE2 builders.
-  * Clarify that we perform the point-on-curve check.
-  * Reduce size of BlindingCacheConcurrency test under TSAN.
-  * Compare vpaes/bsaes conversions against a reference implementation.
-  * Enable the SSE2 Poly1305 implementation on clang-cl.
-  * Remove alignment requirement on CRYPTO_poly1305_finish.
-  * Fix double-free under load.
-  * Add some XTS tests.
-  * Add EncodeHex and DecodeHex functions to test_util.h.
-  * Revert "Replace aes_nohw with a bitsliced implementation."
-  * Replace aes_nohw with a bitsliced implementation.
-  * Switch HRSS inversion algorithm.
-  * Run EVP_CIPHER tests in-place.
-  * Add an option to disable SSE2 intrinsics for testing.
-  * Dummy change to trigger master-with-bazel builder.
-  * Drop use of alignas(64) in aead_test.cc
-  * Add standalone CMake build to generate_build_files.py
-  * TLS 1.3 split handshake initial support.
-  * Import Wycheproof primality tests.
-  * Split BN_prime_checks into two constants for generation and validation.
-  * Add some Miller-Rabin tests from Wycheproof.
-  * Import Wycheproof PKCS#1 decrypt tests.
-  * Import Wycheproof OAEP tests.
-  * Import Wycheproof PKCS#1 signing tests.
-  * Skip JWK keys when converting Wycheproof tests.
-  * Import Wycheproof's size-specific RSA PKCS#1 verifying tests.
-  * Handle "acceptable" Wycheproof inputs unambiguously.
-  * Import Wycheproof XChaCha20-Poly1305 tests.
-  * Import Wycheproof HMAC tests.
-  * Import Wycheproof HKDF tests.
-  * bytestring: add methods for int64.
-  * Update Wycheproof test vectors.
-  * Add mock QUIC transport to runner
-  * Add test vectors for CVE-2019-1551 (not affected).
-  * Fix check_bn_tests.go.
-  * Fix MSan error in SSLTest.Handoff test.
-  * SSLTest.Handoff: extend to include a session resumption.
-  * inject_hash preserves filemode
-  * Move TLS 1.3 state machine constants to internal.h.
-  * Add a ppc64le ABI tester.
-  * Allocate small TLS read buffers inline.
-  * Remove unused labels from ARM ABI test assembly.
-  * Update AAPCS and AAPCS64 links.
-  * Fix EVP_has_aes_hardware on ppc64le.
-  * Remove remnants of end_of_early_data alert from tests.
-  * Add a test for ERR_error_string_n.
-  * Remove post-quantum experiment signal extension.
-  * Give ERR_error_string_n a return value for convenience.
-  * Defer early keys to QUIC clients to after certificate reverification.
-  * Defer releasing early secrets to QUIC servers.
-  * Halve the size of the kNIDsIn* constants
-  * modulewrapper: manage buffer with |unique_ptr|.
-  * Add missing boringssl_prefix_symbols_asm.h include.
-  * acvptool: add support for ECDSA
-  * Inline gcm_init_4bit into gcm_init_ssse3.
-  * Vectorize gcm_mul32_nohw and replace gcm_gmult_4bit_mmx.
-  * Add a constant-time fallback GHASH implementation.
-  * Conditionally define PTRACE_O_EXITKILL in urandom_test.cc
-  * Fix build warning if _SCL_SECURE_NO_WARNINGS is defined globally
-  * modulewrapper: use a raw string.
-  * acvptool: add license headers.
-  * Enable TLS 1.3 by default.
-  * acvptool: Add support for DRBG
-  * Discard user_canceled alerts in TLS 1.3.
-  * Work around more C language bugs with empty spans.
-  * No-op commit to test the new builder.
-  * acvptool: Add support for HMAC
-  * Add stub functions for RSA-PSS keygen parameters.
-  * HelloRetryRequest getter
-  * Add break-tests-android.sh script.
-  * Add compatibility functions for sigalgs
-  * Run AES-192-GCM in CAVP tests.
-  * Rename a number of BUF_* functions to OPENSSL_*.
-  * List bn_div fuzzer in documentation.
-  * Reenable bn_div fuzzer.
-  * Drop CECPQ2b code.
-  * Add urandom_test to all_tests.json
-  * Fix the standalone Android FIPS build.
-  * Add sanity checks to FIPS module construction.
-  * Correct relative path.
-  * Add test for urandom.c
-  * break-hash.go: Search ELF dynamic symbols if symbols not found.
-  * Fix $OPENSSL_ia32cap handling.
-  * Switch probable_prime to rejection sampling.
-  * Rename the last remnants of the early_data_info extension.
-  * Fix up BN_GENCB_call calls.
-  * Do fewer trial divisions for larger RSA keygens.
-  * Fix GRND_NONBLOCK flag when calling getrandom.
-  * Simplify bn_miller_rabin_iteration slightly.
-  * Add some notes on RSA key generation performance.
-  * Break early on composites in the primality test.
-  * Extract and test the deterministic part of Miller-Rabin.
-  * Fix the FIPS + fuzzing build.
-  * FIPS.md: document some recent Android changes.
-  * Add a function to derive an EC key from some input secret.
-  * Fix run_android_tests.go with shared library builds.
-  * No-op change to test new builders.
-  * Move no-exec-stack sections outside of #ifs.
-  * Add |SSL_get_min_proto_version| and |SSL_get_max_proto_version|
-  * Make FIPS build work for Android cross-compile.
-  * Enable optional GRND_RANDOM flag to be passed to getrandom on Android.
-  * Switch cert_compression_algs to GrowableArray.
-  * Add GrowableArray<T> to ssl/internal.h.
-  * Fixed quic_method lookup in TLS 1.3 server side handshake.
-  * Add .note.GNU-stack at the source level.
-  * -Wno-vla -> -Wvla
-  * Add an option for explicit renegotiations.
-  * tool: add -json flag to |speed|
-  * Set -Wno-vla.
-  * Use a pointer to module_hash in boringssl_fips_self_test() args.
-  * Use a smaller hex digest in FIPS flag files when SHA-256 used.
-  * Switch to using SHA-256 for FIPS integrity check on Android.
-  * Use getentropy on macOS 10.12 and later.
-  * Move #include of "internal.h", which defines |OPENSSL_URANDOM|.
-  * Style nit.
-  * Assert that BN_CTX_end is actually called.
-  * Test some known large primes.
-  * Test some Euler pseudoprimes.
-  * Be consistent about Miller-Rabin vs Rabin-Miller.
-  * fix build with armv6  Error: .size expression for _vpaes_decrypt_consts does not evaluate to a constant
-  * Mark ssl_early_data_reason_t values stable.
-  * Make the dispatch tests opt-in.
-  * Bound the number of API calls in ssl_ctx_api.cc.
-  * Only attempt to mprotect FIPS module for AArch64.
-  * Opportunistically read entropy from the OS in FIPS mode.
-  * Update INSTANTIATE_TEST_SUITE_P calls missing first argument.
-  * Ignore build32 and build64 subdirectories.
-  * Add page protection logic to BCM self test.
-  * Disable unwind tests in FIPS mode.
-  * Disable RDRAND on AMD family 0x17, models 0x70–0x7f.
-  * Don't allow SGC EKUs for server certificates.
-  * Add |SSL_CIPHER_get_value| to get the IANA number of a cipher suite.
-  * Add XOF compilation compatibility flags
-  * Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print
-  * Trigger a build on the ARM mode builder.
-  * Fix vpaes-armv7.pl in ARM mode.
-  * Add AES-192-GCM support to EVP_AEAD.
-  * Add AES-256 CFB to libdecrepit.
-  * Parse explicit EC curves more strictly.
-  * Use the Go 1.13 standard library ed25519.
-  * Update build tools.
-  * Use ScopedEVP_AEAD_CTX in ImplDispatchTest.AEAD_AES_GCM.
-  * Use a mix of bsaes and vpaes for CTR on NEON.
-  * Use vpaes + conversion to setup CBC decrypt on NEON.
-  * Add NEON vpaes-to-bsaes key converters.
-  * Add vpaes-armv7.pl and replace non-parallel modes.
-  * Correct comments for x86_64 _vpaes_encrypt_core_2x.
-  * Add benchmarks for AES block operations.
-  * Only write self test flag files if an environment variable is set.
-  * Const-correct EC_KEY_set_public_key_affine_coordinates.
-  * Revert "Fix VS build when assembler is enabled"
-  * Support compilation via emscripten
-  * Fix cross-compile of Android on Windows.
-  * Move the config->async check into RetryAsync.
-  * Clear *out in ReadHandshakeData's empty case.
-  * Add initial support for 0-RTT with QUIC.
-  * Have some more fun with spans.
-  * Add OPENSSL_FALLTHROUGH to a few files.
-  * Limit __attribute__ ((fallthrough)) to Clang >= 5.
-  * Make |EVP_CIPHER_CTX_reset| return one.
-  * Add Fallthru support for clang 10.
-  * Add self-test suppression flag file for Android FIPS builds.
-  * Align 0-RTT and resumption state machines slightly
-  * Require getrandom in Android FIPS builds.
-  * acvp: allow passing custom subprocess I/O.
-  * Add a function to convert SSL_ERROR_* values to strings.
-  * Fold SSL_want constants into SSL_get_error constants.
-  * Use spans for the various TLS 1.3 secrets.
-  * Switch another low-level function to spans.
-  * Switch tls13_enc.cc to spans.
-  * Check the second ClientHello's PSK binder on resumption.
-  * Introduce libcrypto_bcm_sources for Android.
-  * Remove stale TODO.
-  * Add an android-cmake option to generate_build_files.py
-  * Add a QUIC test for HelloRetryRequest.
-  * Add missing ".text" to Windows code for dummy_chacha20_poly1305_asm
-  * Update TODO to note that Clang git doesn't have the POWER bug.
-  * Fix paths in break-tests.sh.
-  * Fix POWER build with OPENSSL_NO_ASM.
-  * Workaround Clang bug on POWER.
-  * Add assembly support for -fsanitize=hwaddress tagged globals.
-  * Fix typo in valgrind constant-time annotations.
-  * acvp: add support for AES-ECB and AES-CBC.
-  * Fix misspelled TODO.
-  * Move CCM fragments out of the FIPS module.
-  * Add EVP_PKEY_base_id.
-  * Add some project links to README.md.
-  * Make alert_dispatch into a bool.
-  * Trim some more per-connection memory.
-  * Remove SSL_export_early_keying_material.
-  * Add EVP_PKEY support for X25519.
-  * Make EVP_PKEY_bits return 253 for Ed25519.
-  * Make SSL_get_servername work in the early callback.
-
-* Tue Mar 10 2020 Guillaume GARDET <guillaume.gardet@opensuse.org>
-- Fix arm build:
-  * 0005-fix-alignment-for-arm.patch
-
-* Wed Dec  4 2019 Klaus Kämpf <kkaempf@suse.com>
-- fix s390x and ppc64le build
-  * 0003-enable-s390x-builds.patch
-  * 0004-fix-alignment-for-ppc64le.patch
-- rename add-soversion-option.patch
-    to 0001-add-soversion-option.patch
-- rename 0001-crypto-Fix-aead_test-build-on-aarch64.patch
-    to 0002-crypto-Fix-aead_test-build-on-aarch64.patch
-
-* Thu Oct 17 2019 Richard Brown <rbrown@suse.com>
-- Remove obsolete Groups tag (fate#326485)
-
-* Mon Oct 14 2019 Martin Pluskal <mpluskal@suse.com>
-- Update to version 20190916:
-  * Revert "Fix VS build when assembler is enabled"
-  * Only bypass the signature verification itself in fuzzer mode.
-  * Move the PQ-experiment signal to SSL_CTX.
-  * Name cipher suite tests in runner by IETF names.
-  * Align TLS 1.3 cipher suite names with OpenSSL.
-  * Prefix all the SIKE symbols.
-  * Rename SIKE's params.c.
-  * Add post-quantum experiment signal extension.
-  * Fix shim error message endings.
-  * Add initial draft of ACVP tool.
-  * Implements SIKE/p434
-  * Add SipHash-2-4.
-  * Remove android_tools checkout
-  * Support key wrap with padding in CAVP.
-  * Add android_sdk checkout
-  * Move fipstools/ to util/fipstools/cavp
-  * Factor out TLS cipher selection to ssl_choose_tls_cipher.
-  * Emit empty signerInfos in PKCS#7 bundles.
-  * Clarify language about default SSL_CTX session ticket key behavior.
-  * Add an API to record use of delegated credential
-  * Fix runner tests with Go 1.13.
-  * Add a value barrier to constant-time selects.
-  * Avoid leaking intermediate states in point doubling special case.
-  * Split p224-64.c multiplication functions in three.
-  * Add AES-KWP
-  * Discuss the doubling case in windowed Booth representation.
-  * Update build tools.
-  * Set a minimum CMake version of 3.0.
-  * Replace addc64,subc64,mul64 in SIKE Go code with functions from math/bits
-  * Eliminate some superfluous conditions in SIKE Go code.
-  * Fix various typos.
-  * Fix name clash in test structures
-  * bcm: don't forget to cleanup HMAC_CTX.
-  * Handle fips_shared_support.c getting built in other builds.
-  * Fix various mistakes in ec_GFp_nistp_recode_scalar_bits comment.
-  * Fix filename in comment.
-  * Split EC_METHOD.mul into two operations.
-  * Split ec_point_mul_scalar into two operations.
-  * Add FIPS shared mode.
-  * delocate: add test for .file handling.
-  * delocate: translate uleb128 and sleb128 directives
-  * Integrate SIKE with TLS key exchange.
-  * Convert ecdsa_p224_key.pem to PKCS#8.
-
-* Wed Sep  4 2019 Guillaume GARDET <guillaume.gardet@opensuse.org>
-- Re-enable build on aarch64
-
-* Tue Sep  3 2019 Martin Pluskal <mpluskal@suse.com>
-- Update to version 20190523:
-  * Disable RDRAND on AMD chips before Zen.
-  * Always store early data tickets.
-  * Align PKCS12_parse closer to OpenSSL.
-  * Support PKCS#12 KeyBags.
-  * Support PKCS#8 blobs using PBES2 with HMAC-SHA256.
-  * Make EVP_PKEY_keygen work for Ed25519.
-  * Sync aesp8-ppc.pl with upstream.
-  * Update generate_build_files.py for SIKE.
-  * Fix the last casts in third_party/sike.
-  * Remove no-op casts around tt1.
-  * Define p503 with crypto_word_t, not uint64_t.
-  * Add support for SIKE/p503 post-quantum KEM
-  * tool: fix speed tests.
-  * Add an option to skip crypto_test_data.cc in GN too.
-  * Save and restore errors when ignoring ssl_send_alert result.
-  * Reject obviously invalid DSA parameters during signing.
-  * Make expect/expected flag and variable names match.
-  * clang-format Flag arrays in test_config.cc.
-  * Rename remnants of ticket_early_data_info.
-  * Enforce the ticket_age parameter for 0-RTT.
-  * Add SSL_get_early_data_reason.
-  * Remove implicit -on-resume for -expect-early-data-accept.
-  * Use weak symbols only on supported platforms
-  * Fix spelling in comments.
-  * Add functions for "raw" EVP_PKEY serializations.
-  * Remove stray underscores.
-  * Add a compatibility EVP_DigestFinalXOF function.
-  * Fix up EVP_DigestSign implementation for Ed25519.
-  * Check for errors when setting up X509_STORE_CTX.
-  * Convert a few more things from int to bool.
-  * Compute the delegated credentials length prefix with CBB.
-  * Convert the rest of ssl_test to GTest.
-  * Check for x18 usage in aarch64 assembly.
-  * Handle errors from close in perlasm scripts.
-  * Hold off flushing NewSessionTicket until write.
-  * Predeclare enums in base.h
-  * Require certificates under name constraints use SANs.
-  * Make X509_verify_cert_error_string thread-safe.
-  * Disable the common name fallback on *any* SAN list.
-  * Silently ignore X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT.
-  * Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT.
-  * Give ENGINE_free a return value.
-  * Output a ClientHello during handoff.
-  * Fix and test EVP_PKEY_CTX copying.
-  * Test copying an EVP_MD_CTX.
-  * Fix EVP_CIPHER_CTX_copy for AES-GCM.
-  * Check key sizes in AES_set_*_key.
-  * Add missing nonce_len check to aead_aes_gcm_siv_asm_open.
-  * Test AES-GCM-SIV with OPENSSL_SMALL.
-  * Handle CBB_cleanup on child CBBs more gracefully.
-  * Update third_party/googletest.
-  * Rename 'md' output parameter to 'out' and add bounds.
-  * Update other build tools.
-  * Update SDE to 8.35.0-2019-03-11.
-  * nit: Update references to draft-ietf-tls-subcerts.
-  * Support get versions with get_{min,max}_proto_version for context
-  * Update ImplDispatchTest for bsaes-x86_64 removal.
-  * Unwind the large_inputs hint in aes_ctr_set_key.
-  * Add an optimized x86_64 vpaes ctr128_f and remove bsaes.
-  * Add 16384 to the default bssl speed sizes.
-  * Rewrite BN_CTX.
-  * Save a temporary in BN_mod_exp_mont's w=1 case.
-  * Reject long inputs in c2i_ASN1_INTEGER.
-  * Harden the lower level parts of crypto/asn1 against overflows.
-  * Remove d2i_ASN1_UINTEGER.
-  * Drop some unused bsaes to aes_nohw dependencies.
-  * Adapt gcm_*_neon to aarch64.
-  * Patch out the aes_nohw fallback in bsaes_cbc_encrypt.
-  * Patch out the aes_nohw fallback in bsaes_ctr32_encrypt_blocks.
-  * Implement sk_find manually.
-  * Make vpaes-armv8.pl compatible with XOM.
-  * Support three-argument instructions on x86-64.
-  * Correct outdated comments
-  * Remove SSL_get_structure_sizes.
-  * Prefer vpaes over bsaes in AES-GCM-SIV and AES-CCM.
-  * Tell ASan about the OPENSSL_malloc prefix.
-  * modes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings.
-  * Enable vpaes for aarch64, with CTR optimizations.
-  * Check in vpaes-armv8.pl from OpenSSL unused and unmodified.
-  * silence unused variable warnings when using OPENSSL_clear_free
-  * Handle NULL public key in |EC_KEY_set_public_key|.
-  * Add a 32-bit SSSE3 GHASH implementation.
-  * Also include abi_test.cc in ssl_test_files.
-  * Don't pull abi_test.cc into non-GTest targets.
-  * Update *_set_cert_cb documentation regarding resumption
-  * Add a reference for Linux ARM ABI.
-  * Remove __ARM_ARCH__ guard on gcm_*_v8.
-  * Fix bsaes-armv7.pl getting disabled by accident.
-  * Add an option to configure bssl speed chunk size.
-  * Appease GCC's uninitialized value warning.
-  * Set VPAES flags in x86-64 code.
-  * Enable vpaes for AES_* functions.
-  * Avoid double-dispatch with AES_* vs aes_nohw_*.
-  * Add uint64_t support in CBS and CBB.
-  * Clear out a bunch of -Wextra-semi warnings.
-  * Add compiled python files to .gitignore.
-  * Fix x86_64-xlate.pl comment regex.
-  * Add go 1.11 to go.mod.
-  * Remove STRICT_ALIGNMENT code from modes.
-  * Remove non-STRICT_ALIGNMENT code from xts.c.
-  * Patch XTS out of ARMv7 bsaes too.
-  * Remove stray prototype.
-  * Always define GHASH.
-  * Update delegated credentials to draft-03
-  * Use Windows symbol APIs in the unwind tester.
-  * Unwind RDRAND functions correctly on Windows.
-  * Patch out unused aesni-x86_64 functions.
-  * Add ABI tests for aesni-gcm-x86_64.pl.
-  * Add ABI tests for x86_64-mont5.pl.
-  * sync EVP_get_cipherbyname with EVP_do_all_sorted
-  * Hyperlink DOI to preferred resolver
-  * Remove stray semicolons.
-  * Remove separate default group list for servers.
-  * Enable all curves (inc CECPQ2) during fuzzing.
-  * Implement ABI testing for aarch64.
-  * Fix ABI error in bn_mul_mont on aarch64.
-  * Implement ABI testing for ARM.
-  * Fix the order of Windows unwind codes.
-  * Implement unwind testing for Windows.
-  * Tolerate spaces when parsing .type directives.
-  * runner: Don't generate an RSA key on startup.
-  * Don't use bsaes over vpaes for CTR-DRBG.
-  * perlasm/x86_64-xlate.pl: refine symbol recognition in .xdata.
-  * Add instructions for debugging on Android with gdb.
-  * Enforce key usage for RSA keys in TLS 1.2.
-  * Remove infra/config folder in master branch.
-  * Avoid SCT/OCSP extensions in SH on {Omit|Empty}Extensions
-  * Test and fix an ABI issue with small parameters.
-  * Add RSAZ ABI tests.
-  * Better document RSAZ and tidy up types.
-  * Add ABI testing for 32-bit x86.
-  * Add a very roundabout EC keygen API.
-  * Add some Node compatibility functions.
-  * Implement server support for delegated credentials.
-  * Add a constant-time pshufb-based GHASH implementation.
-  * Tweak some slightly fragile tests.
-  * Make 256-bit ciphers a preference for CECPQ2, not a requirement.
-  * Update comments around JDK11 workaround.
-  * Add a RelWithAsserts build configuration.
-  * Remove union from |SHA512_CTX|.
-  * Avoid unwind tests on libc functions.
-  * Don't pass NULL,0 to qsort.
-  * Fix signed left-shifts in curve25519.c.
-  * Add an option to build with UBSan.
-  * Fix undefined pointer casts in SHA-512 code.
-  * HRSS: flatten sample distribution.
-  * Add test of assembly code dispatch.
-  * Simplify HRSS mod3 circuits.
-  * Add SSL_OP_NO_RENEGOTIATION
-  * Rename Fiat include files to end in .h
-  * Switch to new fiat pipeline.
-  * Don't look for libunwind if cross-compiling.
-  * Mark some unmarked array sizes in curve25519.c.
-  * Revert "Fix protos_len size in SSL_set_alpn_protos and SSL_CTX_set_alpn_protos"
-  * Add ABI tests for GCM.
-  * Fix SSL_R_TOO_MUCH_READ_EARLY_DATA.
-  * Test CRYPTO_gcm128_tag in gcm_test.cc.
-  * Remove pointer cast in P-256 table.
-  * Ignore new fields in forthcoming Wycheproof tests.
-  * Fix RSAZ's OPENSSL_cleanse.
-  * Allow configuring QUIC method per-connection
-  * Fix header file for _byteswap_ulong and _byteswap_uint64 from MSVC CRT
-  * Add ABI tests for HRSS assembly.
-  * Add AES ABI tests.
-  * Move aes_nohw, bsaes, and vpaes prototypes to aes/internal.h.
-  * Add direction flag checking to CHECK_ABI.
-  * Add ABI tests for ChaCha20_ctr32.
-  * Add ABI tests for MD5.
-  * Refresh fuzzer corpus.
-  * Delete the variants/draft code.
-  * Update tools.
-  * Fix protos_len size in SSL_set_alpn_protos and SSL_CTX_set_alpn_protos
-  * Use handshake parameters to decide if cert/key are available
-  * Add ABI tests for bn_mul_mont.
-  * Add ABI tests for SHA*.
-  * Make pkg-config optional.
-  * Add DEPS rules to checkout Windows SDE.
-  * Add ABI tests for rdrand.
-  * Set NIDs for Blowfish and CAST.
-  * Add a CFI tester to CHECK_ABI.
-  * Fix some size_t to long casts.
-  * Add EVP_CIPHER support for Blowfish and CAST to decrepit.
-  * Be less clever with CHECK_ABI.
-  * Update SDE and add the Windows version.
-  * Remove pooling of PRNG state.
-  * Add EC_KEY_key2buf for OpenSSL compatibility
-  * Remove bundled copy of android-cmake.
-  * Clarify build requirements.
-  * Add EC_GROUP_order_bits for OpenSSL compatibility
-  * Annotate leaf functions with .cfi_{startproc,endproc}
-  * Fix beeu_mod_inverse_vartime CFI annotations and preamble.
-  * Fix CFI annotations in p256-x86_64-asm.pl.
-  * Add a comment about ecp_nistz256_point_add_affine's limitations.
-  * Refresh p256-x86_64_tests.txt.
-  * Fix some indentation nits.
-- Build using ninja
-- Update dependencies
-- Bump soversion
-- Limit building only to supported architectures
-
-* Fri Aug 30 2019 Martin Pluskal <mpluskal@suse.com>
-- Disable lto to fix build failure
-
-* Thu Apr 25 2019 Michał Rostecki <mrostecki@opensuse.org>
-- Add patch which fixes build on aarch64.
-  * 0001-crypto-Fix-aead_test-build-on-aarch64.patch
-
-* Thu Apr 25 2019 dmueller@suse.com
-- Update to version 20181228:
-  * Use thread-local storage for PRNG states if fork-unsafe buffering is enabled.
-  * Add Win64 SEH unwind codes for the ABI test trampoline.
-  * Translate .L directives inside .byte too.
-  * Add an ABI testing framework.
-  * Use same HKDF label as TLS 1.3 for QUIC as per draft-ietf-quic-tls-17
-  * Add |SSL_key_update|.
-  * HRSS: omit reconstruction of ciphertext.
-  * Add start of infrastructure for checking constant-time properties.
-  * Don't enable intrinsics on x86 without ABI support.
-  * HRSS: be strict about unused bits being zero.
-  * Disable AES-GCM-SIV assembly on Windows.
-  * Fix typo in AES-GCM-SIV comments.
-  * Fix HRSS build error on ARM
-  * Fix thread-safety bug in SSL_get_peer_cert_chain.
-  * Remove HRSS confirmation hash.
-  * Drop NEON assembly for HRSS.
-  * Add |SSL_export_traffic_secrets|.
-  * Patch out the XTS implementation in bsaes.
-  * Remove .file and .loc directives from HRSS ARM asm.
-  * Do not allow AES_128_GCM_SHA256 with CECPQ2.
-  * Always 16-byte align |poly| elements.
-  * Fix bug in HRSS tests.
-  * Add initial HRSS support.
-  * Forbid empty CertificateRequestsupported_signature_algorithms in TLS 1.2.
-  * Eliminate |OPENSSL_ia32cap_P| in C code in the FIPS module.
-  * Fix d2i_*_bio on partial reads.
-  * Fix |BN_HEX_FMT2|.
-  * Remove XOP code from sha512-x86_64.pl.
-  * Pretend AMD XOP was never a thing.
-  * Drop some explicit SSLKeyShare destructors.
-  * Assume hyper-threading-like vulnerabilities are always present.
-  * Replace the last CRITICAL_SECTION with SRWLOCK.
-  * Validate ClientHellos in tests some more.
-  * Re-enable AES-NI on 32-bit x86 too.
-  * Make symbol-prefixing work on 32-bit x86.
-  * Make Windows symbol-prefixing work.
-  * Support Windows-style ar files.
-  * Move __.SYMDEF handling to ar.go.
-  * Fix stack_test.cc in the prefixed build.
-  * Don't double-mangle C++ symbols on macOS.
-  * Make read_symbols.go a bit more idiomatic.
-  * Unexport and rename hex_to_string, string_to_hex, and name_cmp.
-  * Satisfy golint.
-  * Add a note that generated files are generated.
-  * Work around a JDK 11 TLS 1.3 bug.
-  * Move ARM cpuinfo functions to the header.
-  * Regenerate obj_dat.h
-  * go fmt
-  * Support execute-only memory for AArch64 assembly.
-  * Remove cacheline striping in copy_from_prebuf.
-  * Tidy up type signature of BN_mod_exp_mont_consttime table.
-  * No longer set CQ-Verified label on CQ success/failure.
-  * Print a message when simulating CPUs.
-  * Move JSON test results code into a common module.
-  * In 0RTT mode, reverify the server certificate before sending early data.
-  * Support assembly building for arm64e architecture.
-  * Simulate other ARM CPUs when running tests.
-  * Merge P-224 contract into serialisation.
-  * Contract P-224 elements before returning them.
-  * Add post-handshake support for the QUIC API.
-  * Speculatively remove __STDC_*_MACROS.
-  * Modernize OPENSSL_COMPILE_ASSERT, part 2.
-  * Switch docs to recommending NASM.
-  * Mark the |e| argument to |RSA_generate_key_ex| as const.
-  * Clean up EC_POINT to byte conversions.
-  * Need cpu.h for |OPENSSL_ia32cap_P|.
-  * Rename EC_MAX_SCALAR_*.
-  * Use EC_RAW_POINT in ECDSA.
-  * Optimize EC_GFp_mont_method's cmp_x_coordinate.
-  * Optimize EC_GFp_nistp256_method's cmp_x_coordinate.
-  * Remove unreachable code.
-  * Also accept __ARM_NEON
-  * Remove some easy BN_CTXs.
-  * Push BIGNUM out of the cmp_x_coordinate interface.
-  * Push BIGNUM out of EC_METHOD's affine coordinates hook.
-  * Fix r = p-n+epsilon ECDSA tests.
-  * Don't include openssl/ec_key.h under extern "C".
-  * Abstract hs_buf a little.
-  * Inline ec_GFp_simple_group_get_degree.
-  * Better test boundary cases of ec_cmp_x_coordinate.
-  * Fix build when bcm.c is split up.
-  * Revert "Revert "Speed up ECDSA verify on x86-64.""
-  * Make SSL_get_current_cipher valid during QUIC callbacks.
-  * Devirtualize ec_simple_{add,dbl}.
-  * Refresh fuzzer corpora for changes to split-handshake serialization.
-  * Serialize SSL curve list in handoff and check it on application.
-  * Revert "Speed up ECDSA verify on x86-64."
-  * Route the tuned add/dbl implementations out of EC_METHOD.
-  * Speed up ECDSA verify on x86-64.
-  * Include details about latest FIPS certification.
-  * Serialize SSL configuration in handoff and check it on application.
-  * Don't overflow state->calls on 16TiB RAND_bytes calls.
-  * Buffer up QUIC data within a level internally.
-  * Add an interface for QUIC integration.
-  * Remove OPENSSL_NO_THREADS.
-  * Minor fixes to bytestring.h header.
-  * Test CBC padding more aggressively.
-  * Restore CHECKED_CAST.
-  * Fix EVP_tls_cbc_digest_record is slow using SHA-384 and short messages
-  * Tidy up dsa_sign_setup.
-  * Fix the build on glibc 2.15.
-  * Modernize OPENSSL_COMPILE_ASSERT.
-  * Fix redefinition of AEAD asserts in e_aes.c.
-  * Guard sys/auxv.h include on !BORINGSSL_ANDROID.
-  * Flatten EVP_AEAD_CTX
-  * Implement SSL_get_tlsext_status_type
-  * Fix documentation sectioning.
-  * Remove support for GCC 4.7.
-  * Print the name of the binary when blocking in getrandom.
-  * Undo recent changes to |X509V3_EXT_conf_nid|.
-  * Add a compatibility EVP_CIPH_OCB_MODE value.
-  * [util] Mark srtp.h as an SSL header file
-  * [rand] Disable RandTest.Fork on Fuchsia
-  * Remove -fsanitize-cfi-icall-generalize-pointers.
-  * Fix undefined function pointer casts in LHASH.
-  * Use proper functions for lh_*.
-  * Better handle AVX-512 assembly syntax.
-  * Always push errors on BIO_read_asn1 failure.
-  * Add a per-SSL TLS 1.3 downgrade enforcement option and improve tests.
-  * Fix div.c to divide BN_ULLONG only if BN_CAN_DIVIDE_ULLONG defined.
-  * Include aes.h in mode/internal.h
-  * Fix section header capitalization.
-  * Fix build in consumers that flag unused parameters.
-  * [perlasm] Hide OPENSSL_armcap_P in assembly
-  * Test the binary search more aggressively.
-  * Opaquify CONF.
-  * Bring Mac and iOS builders back to the CQ.
-  * Remove LHASH_OF mention in X509V3_EXT_conf_nid.
-  * Inline functions are apparently really complicated.
-  * Actually disable RandTest.Fork on iOS.
-  * Mostly fix undefined casts around STACK_OF's comparator.
-  * Fix undefined casts in sk_*_pop_free and sk_*_deep_copy.
-  * Take iOS builders out of the CQ rotation too.
-  * Rewrite PEM_X509_INFO_read_bio.
-  * Fix undefined block128_f, etc., casts.
-  * Fix undefined function pointer casts in {d2i,i2d}_Foo_{bio,fp}
-  * Fix undefined function pointer casts in IMPLEMENT_PEM_*.
-  * Always print some diagnostic information when POST fails.
-  * Disable RandTest.Fork on iOS.
-  * Const-correct sk_find and sk_delete_ptr.
-  * Add a test for STACK_OF(T).
-  * Rename inject-hash: Bazel does not like hyphens.
-  * Rename OPENSSL_NO_THREADS, part 1.
-  * Fix ERR_GET_REASON checks.
-  * Add a basic test for PEM_X509_INFO_read_bio.
-  * Replace BIO_new + BIO_set_fp with BIO_new_fp.
-  * Remove Mac try jobs from the CQ.
-  * Add util/read_symbols.go
-  * Tighten up getrandom handling.
-  * Remove SHA384_Transform from sha.h.
-  * Push an error on sigalg mismatch in X509_verify.
-  * Sync bundled bits of golang.org/x/crypto.
-  * Use Go modules with delocate.
-  * Keep the GCM bits in one place.
-  * Trim 88 bytes from each AES-GCM EVP_AEAD.
-  * Set up Go modules.
-  * Use sdallocx, if available, when deallocating.
-  * Remove the add_alert hook.
-  * Fix doc.go error capitalization.
-  * Don't include quotes in heredocs.
-  * Add missing bssl::UpRef overloads.
-  * Roll back clang revision.
-  * Update tools.
-  * Fix BORINGSSL_NO_CXX.
-  * Fix check of the pointer returned by BN_CTX_get
-  * Include newlines at the end of generated asm.
-  * Automatically disable assembly with MSAN.
-  * Mark the C version of md5_block_data_order static.
-  * Reorder some extensions to better match Firefox.
-  * Make symbol-prefixing work on ARM.
-  * Document alternative functions to BIO_f_base64.
-  * Another batch of bools.
-  * Add some RAND_bytes tests.
-  * Support symbol prefixes
-  * Fill in a fake session ID for TLS 1.3.
-  * Create output directories for perlasm.
-  * Fix Fiat path.
-  * Fix GCC (8.2.1) build error.
-  * Some more bools.
-  * Flatten most of the crypto target.
-  * Flatten assembly files.
-  * Flatten the decrepit target.
-  * Clarify "reference" and fix typo.
-  * Fix corner case in cpuinfo parser.
-  * Add some about ownership to API-CONVENTIONS.
-  * Tidy up docs for #defines.
-  * No negative moduli.
-  * Document that ED25519_sign only fails on allocation failure
-  * Clarify thread-safety of key objects.
-  * shim: don't clear environment when invoking handshaker.
-  * Switch the default TLS 1.3 variant to tls13_rfc.
-  * Switch to Clang 6.0's fuzzer support.
-
-* Tue Dec 11 2018 Jan Engelhardt <jengelh@inai.de>
-- Trim redundant wording. Use multi-file find -exec invocation.
-
-* Fri Nov 16 2018 Michał Rostecki <mrostecki@suse.de>
-- To avoid conflicts with openssl development files, change all
-  includes from openssl to boringssl.
-
-* Fri Nov  9 2018 Martin Pluskal <mpluskal@suse.com>
-- Use optflags when building
-- Do not create empty package
-
-* Thu Nov  8 2018 Michał Rostecki <mrostecki@suse.de>
-- Update to version 20181026:
-  * Automatically disable assembly with MSAN.
-  * Switch the default TLS 1.3 variant to tls13_rfc.
-
-* Wed Nov  7 2018 Michał Rostecki <mrostecki@suse.de>
-- Update to version 20181106:
-  * Make SSL_get_current_cipher valid during QUIC callbacks.
-  * Devirtualize ec_simple_{add,dbl}.
-  * Refresh fuzzer corpora for changes to split-handshake serialization.
-  * Serialize SSL curve list in handoff and check it on application.
-  * Revert "Speed up ECDSA verify on x86-64."
-  * Route the tuned add/dbl implementations out of EC_METHOD.
-  * Speed up ECDSA verify on x86-64.
-  * Include details about latest FIPS certification.
-  * Serialize SSL configuration in handoff and check it on application.
-  * Don't overflow state->calls on 16TiB RAND_bytes calls.
-- Use tar_scm service for fetching sources and versioning.
-
-* Wed Nov  7 2018 Michał Rostecki <mrostecki@suse.de>
-- Initial release - 0.0.0+git7499.6ec9e4
-- Add add-soversion-option.patch - required to build libraries with
-  soversion
diff --git a/SPECS/envoy/0001-build-Use-Go-from-host.patch b/SPECS/envoy/0001-build-Use-Go-from-host.patch
index 7995c74b075..382a1c750fd 100644
--- a/SPECS/envoy/0001-build-Use-Go-from-host.patch
+++ b/SPECS/envoy/0001-build-Use-Go-from-host.patch
@@ -1,26 +1,13 @@
-From b7298002d0d801506f9f88d9b7d17a075d49115c Mon Sep 17 00:00:00 2001
-From: Michal Rostecki <mrostecki@opensuse.org>
-Date: Thu, 20 Aug 2020 20:24:23 +0200
-Subject: [PATCH 1/3] build: Use Go from host
-
-Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
----
- bazel/dependency_imports.bzl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
 diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl
-index 051923e31..2e4c187b6 100644
+index 6a12830..f6d31cf 100644
 --- a/bazel/dependency_imports.bzl
 +++ b/bazel/dependency_imports.bzl
-@@ -6,7 +6,7 @@ load("@build_bazel_rules_apple//apple:repositories.bzl", "apple_rules_dependenci
- load("@upb//bazel:repository_defs.bzl", upb_bazel_version_repository = "bazel_version_repository")
+@@ -11,7 +11,7 @@ load("@proxy_wasm_rust_sdk//bazel:dependencies.bzl", "proxy_wasm_rust_sdk_depend
+ load("@rules_cc//cc:repositories.bzl", "rules_cc_dependencies", "rules_cc_toolchains")
  
  # go version for rules_go
--GO_VERSION = "1.13.5"
+-GO_VERSION = "1.17.5"
 +GO_VERSION = "host"
  
  def envoy_dependency_imports(go_version = GO_VERSION):
-     rules_foreign_cc_dependencies()
--- 
-2.28.0
-
+     # TODO: allow building of tools for easier onboarding
diff --git a/SPECS/envoy/0002-build-update-several-go-dependencies-11581.patch b/SPECS/envoy/0002-build-update-several-go-dependencies-11581.patch
deleted file mode 100644
index 3cd48177b76..00000000000
--- a/SPECS/envoy/0002-build-update-several-go-dependencies-11581.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 6c3d1e987d26d747b34540cc61c504bae3a4736e Mon Sep 17 00:00:00 2001
-From: Lizan Zhou <lizan@tetrate.io>
-Date: Sat, 13 Jun 2020 19:02:14 -0700
-Subject: [PATCH 2/3] build: update several go dependencies (#11581)
-
-Signed-off-by: Lizan Zhou <lizan@tetrate.io>
----
- bazel/dependency_imports.bzl   | 4 ++--
- bazel/repository_locations.bzl | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl
-index 2e4c187b6..7c74d2b34 100644
---- a/bazel/dependency_imports.bzl
-+++ b/bazel/dependency_imports.bzl
-@@ -21,8 +21,8 @@ def envoy_dependency_imports(go_version = GO_VERSION):
-         name = "org_golang_google_grpc",
-         build_file_proto_mode = "disable",
-         importpath = "google.golang.org/grpc",
--        sum = "h1:AzbTB6ux+okLTzP8Ru1Xs41C303zdcfEht7MQnYJt5A=",
--        version = "v1.23.0",
-+        sum = "h1:EC2SB8S04d2r73uptxphDSUG+kTKVgjRPF+N3xpxRB4=",
-+        version = "v1.29.1",
-     )
- 
-     go_repository(
-diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
-index 3f24f410b..5591fbb78 100644
---- a/bazel/repository_locations.bzl
-+++ b/bazel/repository_locations.bzl
-@@ -241,8 +241,8 @@ REPOSITORY_LOCATIONS = dict(
-         urls = ["https://github.com/grpc-ecosystem/grpc-httpjson-transcoding/archive/faf8af1e9788cd4385b94c8f85edab5ea5d4b2d6.tar.gz"],
-     ),
-     io_bazel_rules_go = dict(
--        sha256 = "e88471aea3a3a4f19ec1310a55ba94772d087e9ce46e41ae38ecebe17935de7b",
--        urls = ["https://github.com/bazelbuild/rules_go/releases/download/v0.20.3/rules_go-v0.20.3.tar.gz"],
-+        sha256 = "a8d6b1b354d371a646d2f7927319974e0f9e52f73a2452d2b3877118169eb6bb",
-+        urls = ["https://github.com/bazelbuild/rules_go/releases/download/v0.23.3/rules_go-v0.23.3.tar.gz"],
-     ),
-     rules_foreign_cc = dict(
-         sha256 = "3184c244b32e65637a74213fc448964b687390eeeca42a36286f874c046bba15",
--- 
-2.28.0
-
diff --git a/SPECS/envoy/0002-disable-wee8-mismatched-new-delete-warning.patch b/SPECS/envoy/0002-disable-wee8-mismatched-new-delete-warning.patch
new file mode 100644
index 00000000000..7294268b472
--- /dev/null
+++ b/SPECS/envoy/0002-disable-wee8-mismatched-new-delete-warning.patch
@@ -0,0 +1,25 @@
+diff --git a/bazel/external/wee8.BUILD b/bazel/external/wee8.BUILD
+index ee56998..79f5e62 100644
+--- a/bazel/external/wee8.BUILD
++++ b/bazel/external/wee8.BUILD
+@@ -17,6 +17,7 @@ cc_library(
+         ]),
+     copts = [
+         "-Wno-range-loop-analysis",
++        "-Wno-mismatched-new-delete",
+     ],
+     defines = [
+         "V8_ENABLE_WEBASSEMBLY",
+diff --git a/bazel/external/wee8.genrule_cmd b/bazel/external/wee8.genrule_cmd
+index c01a8c5..1453d91 100644
+--- a/bazel/external/wee8.genrule_cmd
++++ b/bazel/external/wee8.genrule_cmd
+@@ -29,7 +29,7 @@ rm -rf out/wee8
+ 
+ # Export compiler configuration.
+ export CFLAGS="$${CFLAGS-} -Wno-unknown-warning-option"
+-export CXXFLAGS="$${CXXFLAGS-} -Wno-sign-compare -Wno-deprecated-copy -Wno-unknown-warning-option -Wno-range-loop-analysis -Wno-shorten-64-to-32 -Wno-invalid-offsetof"
++export CXXFLAGS="$${CXXFLAGS-} -Wno-sign-compare -Wno-deprecated-copy -Wno-unknown-warning-option -Wno-range-loop-analysis -Wno-shorten-64-to-32 -Wno-invalid-offsetof -Wno-mismatched-new-delete"
+ if [[ ( $${SYSTEM} == "Darwin" && $${CXX-} == "" ) || $${CXX-} == *clang* ]]; then
+   export CC=$${CC:-clang}
+   export CXX=$${CXX:-clang++}
diff --git a/SPECS/envoy/0003-build-Add-explicit-requirement-on-rules_cc.patch b/SPECS/envoy/0003-build-Add-explicit-requirement-on-rules_cc.patch
deleted file mode 100644
index 14d779294e7..00000000000
--- a/SPECS/envoy/0003-build-Add-explicit-requirement-on-rules_cc.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 985ab6187924735a335a8ddb7b5e9c042e47cd81 Mon Sep 17 00:00:00 2001
-From: Michal Rostecki <mrostecki@opensuse.org>
-Date: Fri, 11 Sep 2020 00:24:03 +0200
-Subject: [PATCH 3/3] build: Add explicit requirement on rules_cc
-
-Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
----
- bazel/repositories.bzl         | 1 +
- bazel/repository_locations.bzl | 6 ++++++
- 2 files changed, 7 insertions(+)
-
-diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl
-index 415455e58..29a8682c3 100644
---- a/bazel/repositories.bzl
-+++ b/bazel/repositories.bzl
-@@ -153,6 +153,7 @@ def envoy_dependencies(skip_targets = []):
-     _repository_impl("bazel_toolchains")
-     _repository_impl("bazel_compdb")
-     _repository_impl("envoy_build_tools")
-+    _repository_impl("rules_cc")
- 
-     # Unconditional, since we use this only for compiler-agnostic fuzzing utils.
-     _org_llvm_releases_compiler_rt()
-diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
-index 5591fbb78..ef9078f0e 100644
---- a/bazel/repository_locations.bzl
-+++ b/bazel/repository_locations.bzl
-@@ -244,11 +244,17 @@ REPOSITORY_LOCATIONS = dict(
-         sha256 = "a8d6b1b354d371a646d2f7927319974e0f9e52f73a2452d2b3877118169eb6bb",
-         urls = ["https://github.com/bazelbuild/rules_go/releases/download/v0.23.3/rules_go-v0.23.3.tar.gz"],
-     ),
-+    rules_cc = dict(
-+        sha256 = "71d037168733f26d2a9648ad066ee8da4a34a13f51d24843a42efa6b65c2420f",
-+        strip_prefix = "rules_cc-b1c40e1de81913a3c40e5948f78719c28152486d",
-+        # 2020-11-11
-+        urls = ["https://github.com/bazelbuild/rules_cc/archive/b1c40e1de81913a3c40e5948f78719c28152486d.tar.gz"],
-+    ),
-     rules_foreign_cc = dict(
--        sha256 = "3184c244b32e65637a74213fc448964b687390eeeca42a36286f874c046bba15",
--        strip_prefix = "rules_foreign_cc-7bc4be735b0560289f6b86ab6136ee25d20b65b7",
--        # 2019-09-26
--        urls = ["https://github.com/bazelbuild/rules_foreign_cc/archive/7bc4be735b0560289f6b86ab6136ee25d20b65b7.tar.gz"],
-+        sha256 = "e7446144277c9578141821fc91c55a61df7ae01bda890902f7286f5fd2f6ae46",
-+        strip_prefix = "rules_foreign_cc-d54c78ab86b40770ee19f0949db9d74a831ab9f0",
-+        # 2020-10-26
-+        urls = ["https://github.com/bazelbuild/rules_foreign_cc/archive/d54c78ab86b40770ee19f0949db9d74a831ab9f0.tar.gz"],
-     ),
-     rules_python = dict(
-         sha256 = "aa96a691d3a8177f3215b14b0edc9641787abaaa30363a080165d06ab65e1161",
--- 
-2.28.0
-
diff --git a/SPECS/envoy/0004-build-Use-new-bazel.patch b/SPECS/envoy/0004-build-Use-new-bazel.patch
deleted file mode 100644
index 9dee5a33265..00000000000
--- a/SPECS/envoy/0004-build-Use-new-bazel.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff --git a/.bazelversion b/.bazelversion
-index ccbccc3..ee74734 100644
---- a/.bazelversion
-+++ b/.bazelversion
-@@ -1 +1 @@
--2.2.0
-+4.1.0
-diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
-index 3f24f41..76dd1df 100644
---- a/bazel/repository_locations.bzl
-+++ b/bazel/repository_locations.bzl
-@@ -9,11 +9,11 @@ REPOSITORY_LOCATIONS = dict(
-         urls = ["https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.19.1/bazel-gazelle-v0.19.1.tar.gz"],
-     ),
-     bazel_toolchains = dict(
--        sha256 = "1342f84d4324987f63307eb6a5aac2dff6d27967860a129f5cd40f8f9b6fd7dd",
--        strip_prefix = "bazel-toolchains-2.2.0",
-+        sha256 = "179ec02f809e86abf56356d8898c8bd74069f1bd7c56044050c2cd3d79d0e024",
-+        strip_prefix = "bazel-toolchains-4.1.0",
-         urls = [
--            "https://github.com/bazelbuild/bazel-toolchains/releases/download/2.2.0/bazel-toolchains-2.2.0.tar.gz",
--            "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/archive/2.2.0.tar.gz",
-+            "https://github.com/bazelbuild/bazel-toolchains/releases/download/4.1.0/bazel-toolchains-4.1.0.tar.gz",
-+            "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/archive/4.1.0.tar.gz",
-         ],
-     ),
-     build_bazel_rules_apple = dict(
diff --git a/SPECS/envoy/envoy.signatures.json b/SPECS/envoy/envoy.signatures.json
index 40f40c37eb2..e5bdf8574d1 100644
--- a/SPECS/envoy/envoy.signatures.json
+++ b/SPECS/envoy/envoy.signatures.json
@@ -1,7 +1,8 @@
 {
  "Signatures": {
-  "envoy-1.14.4-vendor.tar.gz": "ccf6d0d8ab0de10c713ab3234afe97a46a699f8af4cc935df172393479e6ff9a",
-  "envoy-1.14.4.tar.gz": "d7f9ed0dc3aac91f1050502bb0d7ea1e457e31afc609438f967d68172727e1a9",
+  "envoy-1.21.0-gocache.tar.gz": "46a2ff81e05ea58efdd4bf6de2712672eadeb1657e6114e549dda54d3c786538",
+  "envoy-1.21.0-vendor.tar.gz": "b678250424661445dc12e8d9599093284b3d77632d461057ec78abab7bcaa561",
+  "envoy-1.21.0.tar.gz": "5fc280c5dd60b817bbc801f0c29ed5efea9d74b3d7d381bc940c61171b40963b",
   "envoy-rpmlintrc": "8b9331ceac885edc8b87416a9651496a88b03b6c6ff3bc836f8fcc3ad26eaa09"
  }
 }
\ No newline at end of file
diff --git a/SPECS/envoy/envoy.spec b/SPECS/envoy/envoy.spec
index 532e6f4aa28..7c4eb67f803 100644
--- a/SPECS/envoy/envoy.spec
+++ b/SPECS/envoy/envoy.spec
@@ -15,92 +15,59 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
-
+# Some external dependencies of envoy have no build-ids and thus will cause 
+# errors when performing rpm stripping, and thus disable it
+%global __strip /bin/true
 %define _dwz_low_mem_die_limit  20000000
 %define _dwz_max_die_limit     100000000
 %define src_install_dir %{_prefix}/src/%{name}
 Summary:        L7 proxy and communication bus
 Name:           envoy
-Version:        1.14.4
-Release:        4%{?dist}
+Version:        1.21.0
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 URL:            https://www.envoyproxy.io/
 #Source0:       https://github.com/envoyproxy/envoy/archive/refs/tags/v%{version}.tar.gz
 Source0:        %{name}-%{version}.tar.gz
-# Refer to https://github.com/kubic-project/obs-service-bazel_repositories/blob/master/README.md
-# regarding how to generate the vendor source
-# AUTOGENERATED BY obs-service-bazel_repositories
-# vendor.tar.gz contains the following dependencies:
-# - https://github.com/Cyan4973/xxHash/archive/v0.7.3.tar.gz
-# - https://github.com/DataDog/dd-opentracing-cpp/archive/v1.1.3.tar.gz
-# - https://github.com/LuaJIT/LuaJIT/archive/v2.1.0-beta3.tar.gz
-# - https://github.com/Tencent/rapidjson/archive/dfbe1db9da455552f7a9ad5d2aea17dd9d832ac1.tar.gz
-# - https://github.com/abseil/abseil-cpp/archive/06f0e767d13d4d68071c4fc51e25724e0fc8bc74.tar.gz
-# - https://github.com/apache/kafka/archive/2.4.0.zip
-# - https://github.com/bazelbuild/apple_support/releases/download/0.7.2/apple_support.0.7.2.tar.gz
-# - https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.19.1/bazel-gazelle-v0.19.1.tar.gz
-# - https://github.com/bazelbuild/bazel-skylib/releases/download/0.9.0/bazel_skylib-0.9.0.tar.gz
-# - https://github.com/bazelbuild/bazel-toolchains/releases/download/2.2.0/bazel-toolchains-2.2.0.tar.gz
-# - https://github.com/bazelbuild/platforms/archive/9ded0f9c3144258dad27ad84628845bcd7ca6fe6.zip
-# - https://github.com/bazelbuild/rules_apple/releases/download/0.19.0/rules_apple.0.19.0.tar.gz
-# - https://github.com/bazelbuild/rules_cc/archive/818289e5613731ae410efb54218a4077fb9dbb03.tar.gz
-# - https://github.com/bazelbuild/rules_foreign_cc/archive/7bc4be735b0560289f6b86ab6136ee25d20b65b7.tar.gz
-# - https://github.com/bazelbuild/rules_go/releases/download/v0.23.3/rules_go-v0.23.3.tar.gz
-# - https://github.com/bazelbuild/rules_java/archive/7cf3cefd652008d0a64a419c34c13bdca6c8f178.zip
-# - https://github.com/bazelbuild/rules_proto/archive/2c0468366367d7ed97a1f702f9cd7155ab3f73c5.tar.gz
-# - https://github.com/bazelbuild/rules_python/releases/download/0.0.1/rules_python-0.0.1.tar.gz
-# - https://github.com/bazelbuild/rules_swift/releases/download/0.13.0/rules_swift.0.13.0.tar.gz
-# - https://github.com/c-ares/c-ares/archive/d7e070e7283f822b1d2787903cce3615536c5610.tar.gz
-# - https://github.com/census-instrumentation/opencensus-cpp/archive/04ed0211931f12b03c1a76b3907248ca4db7bc90.tar.gz
-# - https://github.com/census-instrumentation/opencensus-proto/archive/be218fb6bd674af7519b1850cdf8410d8cbd48e8.tar.gz
-# - https://github.com/circonus-labs/libcircllhist/archive/63a16dd6f2fc7bc841bb17ff92be8318df60e2e1.tar.gz
-# - https://github.com/cncf/udpa/archive/e8cd3a4bb307e2c810cffff99f93e96e6d7fee85.tar.gz
-# - https://github.com/envoyproxy/envoy-build-tools/archive/84ca08de00eedd0ba08e7d5551108d6f03f5d362.tar.gz
-# - https://github.com/envoyproxy/protoc-gen-validate/archive/ab56c3dd1cf9b516b62c5087e1ec1471bd63631e.tar.gz
-# - https://github.com/envoyproxy/sql-parser/archive/b14d010afd4313f2372a1cc96aa2327e674cc798.tar.gz
-# - https://github.com/fmtlib/fmt/archive/6.0.0.tar.gz
-# - https://github.com/gabime/spdlog/archive/v1.4.0.tar.gz
-# - https://github.com/golang/protobuf/archive/v1.4.1.zip
-# - https://github.com/golang/tools/archive/2bc93b1c0c88b2406b967fcd19a623d1ff9ea0cd.zip
-# - https://github.com/google/cel-cpp/archive/80e1cca533190d537a780ad007e8db64164c582e.tar.gz
-# - https://github.com/google/jwt_verify_lib/archive/40e2cc938f4bcd059a97dc6c73f59ecfa5a71bac.tar.gz
-# - https://github.com/google/re2/archive/2020-03-03.tar.gz
-# - https://github.com/googleapis/googleapis/archive/82944da21578a53b74e547774cf62ed31a05b841.tar.gz
-# - https://github.com/gperftools/gperftools/archive/gperftools-2.7.90.tar.gz
-# - https://github.com/grpc-ecosystem/grpc-httpjson-transcoding/archive/faf8af1e9788cd4385b94c8f85edab5ea5d4b2d6.tar.gz
-# - https://github.com/grpc/grpc/archive/d8f4928fa779f6005a7fe55a176bdb373b0f910f.tar.gz
-# - https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-0.6.3.tar.gz
-# - https://github.com/libevent/libevent/archive/0d7d85c2083f7a4c9efe01c061486f332b576d28.tar.gz
-# - https://github.com/lightstep/lightstep-tracer-cpp/archive/3efe2372ee3d7c2138d6b26e542d757494a7938d.tar.gz
-# - https://github.com/mirror/tclap/archive/tclap-1-2-1-release-final.tar.gz
-# - https://github.com/moonjit/moonjit/archive/2.2.0.tar.gz
-# - https://github.com/msgpack/msgpack-c/releases/download/cpp-3.2.1/msgpack-3.2.1.tar.gz
-# - https://github.com/nodejs/http-parser/archive/v2.9.3.tar.gz
-# - https://github.com/opentracing/opentracing-cpp/archive/v1.5.1.tar.gz
-# - https://github.com/openzipkin/zipkin-api/archive/0.2.2.tar.gz
-# - https://github.com/pallets/jinja/archive/2.10.3.tar.gz
-# - https://github.com/pallets/markupsafe/archive/1.1.1.tar.gz
-# - https://github.com/prometheus/client_model/archive/99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c.tar.gz
-# - https://github.com/protocolbuffers/protobuf-go/archive/v1.22.0.zip
-# - https://github.com/protocolbuffers/protobuf/releases/download/v3.10.1/protobuf-all-3.10.1.tar.gz
-# - https://github.com/protocolbuffers/upb/archive/8a3ae1ef3e3e3f26b45dec735c5776737fc7247f.tar.gz
-# - https://mirror.bazel.build/github.com/bazelbuild/platforms/archive/9ded0f9c3144258dad27ad84628845bcd7ca6fe6.zip
-# - https://mirror.bazel.build/github.com/bazelbuild/rules_java/archive/7cf3cefd652008d0a64a419c34c13bdca6c8f178.zip
-# - https://mirror.bazel.build/github.com/golang/protobuf/archive/v1.4.1.zip
-# - https://mirror.bazel.build/github.com/golang/tools/archive/2bc93b1c0c88b2406b967fcd19a623d1ff9ea0cd.zip
-# - https://mirror.bazel.build/github.com/protocolbuffers/protobuf-go/archive/v1.22.0.zip
+# Below is a manually created tarball, no download link.
+# We're using pre-populated external dependencies from this tarball, since network is disabled during build time.
+#   1. wget https://github.com/envoyproxy/envoy/archive/refs/tags/v%{version}.tar.gz -o %%{name}-%%{version}.tar.gz
+#   2. tar -xf %%{name}-%%{version}.tar.gz
+#   3. cd %%{name}-%%{version}
+#   4. patch -p1 < 0001-build-Use-Go-from-host.patch
+#   5. mkdir -p BAZEL_CACHE
+#   6. bazel fetch --repository_cache=BAZEL_CACHE //...
+#   7. tar  --sort=name \
+#           --mtime="2021-04-26 00:00Z" \
+#           --owner=0 --group=0 --numeric-owner \
+#           --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+#           -cf %%{name}-%%{version}-vendor.tar.gz BAZEL_CACHE
 Source1:        %{name}-%{version}-vendor.tar.gz
-# END obs-service-bazel_repositories
+# Bazel fetch is not capable of prefetching and caching all external dependencies, thus
+# introduce this second source to satisfy the dependency requirements. See this link for more
+# detailed explanation: https://github.com/bazelbuild/bazel/issues/5175
+# Below is a manually created tarball, no download link.
+# We're using pre-populated external dependencies from this tarball, since network is disabled during build time.
+#   1. wget https://github.com/envoyproxy/envoy/archive/refs/tags/v%{version}.tar.gz -o %%{name}-%%{version}.tar.gz
+#   2. tar -xf %%{name}-%%{version}.tar.gz
+#   3. cd %%{name}-%%{version}
+#   4. patch -p1 < 0001-build-Use-Go-from-host.patch
+#   5. mkdir -p BAZEL_CACHE
+#   6. bazel fetch --repository_cache=BAZEL_CACHE //source/exe:envoy
+#   7. cd $(bazel info output_base)
+#   8. tar  --sort=name \
+#           --mtime="2021-04-26 00:00Z" \
+#           --owner=0 --group=0 --numeric-owner \
+#           --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+#           -cf %%{name}-%%{version}-gocache.tar.gz external
+Source2:        %{name}-%{version}-gocache.tar.gz
 Source100:      %{name}-rpmlintrc
 Patch0:         0001-build-Use-Go-from-host.patch
-Patch1:         0002-build-update-several-go-dependencies-11581.patch
-Patch2:         0003-build-Add-explicit-requirement-on-rules_cc.patch
-Patch3:         0004-build-Use-new-bazel.patch
+Patch1:         0002-disable-wee8-mismatched-new-delete-warning.patch
 BuildRequires:  bazel
 BuildRequires:  bazel-workspaces
-BuildRequires:  boringssl-source
 BuildRequires:  c-ares-devel
 BuildRequires:  cmake
 BuildRequires:  fdupes
@@ -121,66 +88,8 @@ BuildRequires:  python3-jinja2
 BuildRequires:  python3-markupsafe
 BuildRequires:  zlib-devel
 BuildRequires:  pkgconfig(openssl)
-# AUTOGENERATED BY obs-service-bazel_repositories
-Provides:       bundled(abseil-cpp) = 06f0e767d13d4d68071c4fc51e25724e0fc8bc74
-Provides:       bundled(apple_support) = 0.7.2
-Provides:       bundled(bazel-gazelle) = 0.19.1
-Provides:       bundled(bazel-skylib) = 0.9.0
-Provides:       bundled(bazel-toolchains) = 4.1.0
-Provides:       bundled(c-ares) = d7e070e7283f822b1d2787903cce3615536c5610
-Provides:       bundled(cel-cpp) = 80e1cca533190d537a780ad007e8db64164c582e
-Provides:       bundled(client_model) = 99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c
-Provides:       bundled(dd-opentracing-cpp) = 1.1.3
-Provides:       bundled(envoy-build-tools) = 84ca08de00eedd0ba08e7d5551108d6f03f5d362
-Provides:       bundled(fmt) = 6.0.0
-Provides:       bundled(googleapis) = 82944da21578a53b74e547774cf62ed31a05b841
-Provides:       bundled(gperftools) = 2.7.90
-Provides:       bundled(grpc) = d8f4928fa779f6005a7fe55a176bdb373b0f910f
-Provides:       bundled(grpc-httpjson-transcoding) = faf8af1e9788cd4385b94c8f85edab5ea5d4b2d6
-Provides:       bundled(http-parser) = 2.9.3
-Provides:       bundled(jinja) = 2.10.3
-Provides:       bundled(jwt_verify_lib) = 40e2cc938f4bcd059a97dc6c73f59ecfa5a71bac
-Provides:       bundled(kafka) = 2.4.0
-Provides:       bundled(libcircllhist) = 63a16dd6f2fc7bc841bb17ff92be8318df60e2e1
-Provides:       bundled(libevent) = 0d7d85c2083f7a4c9efe01c061486f332b576d28
-Provides:       bundled(lightstep-tracer-cpp) = 3efe2372ee3d7c2138d6b26e542d757494a7938d
-Provides:       bundled(luajit) = 2.1.0
-Provides:       bundled(markupsafe) = 1.1.1
-Provides:       bundled(moonjit) = 2.2.0
-Provides:       bundled(msgpack-c) = 3.2.1
-Provides:       bundled(opencensus-cpp) = 04ed0211931f12b03c1a76b3907248ca4db7bc90
-Provides:       bundled(opencensus-proto) = be218fb6bd674af7519b1850cdf8410d8cbd48e8
-Provides:       bundled(opentracing-cpp) = 1.5.1
-Provides:       bundled(platforms) = 9ded0f9c3144258dad27ad84628845bcd7ca6fe6
-Provides:       bundled(protobuf) = 1.4.1
-Provides:       bundled(protobuf) = 3.10.1
-Provides:       bundled(protobuf-go) = 1.22.0
-Provides:       bundled(protoc-gen-validate) = ab56c3dd1cf9b516b62c5087e1ec1471bd63631e
-Provides:       bundled(rapidjson) = dfbe1db9da455552f7a9ad5d2aea17dd9d832ac1
-Provides:       bundled(re2)
-Provides:       bundled(rules_apple) = 0.19.0
-Provides:       bundled(rules_cc) = b1c40e1de81913a3c40e5948f78719c28152486d
-Provides:       bundled(rules_foreign_cc) = d54c78ab86b40770ee19f0949db9d74a831ab9f0
-Provides:       bundled(rules_go) = 0.23.3
-Provides:       bundled(rules_java) = 7cf3cefd652008d0a64a419c34c13bdca6c8f178
-Provides:       bundled(rules_proto) = 2c0468366367d7ed97a1f702f9cd7155ab3f73c5
-Provides:       bundled(rules_python) = 0.0.1
-Provides:       bundled(rules_swift) = 0.13.0
-Provides:       bundled(spdlog) = 1.4.0
-Provides:       bundled(sql-parser) = b14d010afd4313f2372a1cc96aa2327e674cc798
-Provides:       bundled(tclap)
-Provides:       bundled(tools) = 2bc93b1c0c88b2406b967fcd19a623d1ff9ea0cd
-Provides:       bundled(udpa) = e8cd3a4bb307e2c810cffff99f93e96e6d7fee85
-Provides:       bundled(upb) = 8a3ae1ef3e3e3f26b45dec735c5776737fc7247f
-Provides:       bundled(xxhash) = 0.7.3
-Provides:       bundled(yaml-cpp) = 0.6.3
-Provides:       bundled(zipkin-api) = 0.2.2
-# END obs-service-bazel_repositories
 ExcludeArch:    %{ix86}
 
-# Temp: Do not build with 2.0 toolchain
-ExclusiveArch:  mips
-
 %description
 Envoy is an L7 proxy and communication bus designed for large modern service
 oriented architectures.
@@ -211,6 +120,7 @@ rm ci/windows_ci_steps.sh
 
 # AUTOGENERATED BY obs-service-bazel_repositories
 %setup -q -T -D -a 1
+%setup -q -T -D -a 2
 # END obs-service-bazel_repositories
 
 %build
@@ -223,8 +133,6 @@ git commit -m "Dummy commit just to satisfy bazel" &> /dev/null
 
 # workaround for boo#1183836
 CC=gcc CXX=g++ bazel --batch build \
-    -c dbg \
-    --color=no \
     --copt="-fsigned-char" \
     --cxxopt="-fsigned-char" \
     --copt="-Wno-error=old-style-cast" \
@@ -235,14 +143,19 @@ CC=gcc CXX=g++ bazel --batch build \
     --cxxopt="-Wno-implicit-fallthrough"\
     --copt="-Wno-return-type" \
     --cxxopt="-Wno-return-type" \
+    --copt="-Wno-vla-parameter" \
+    --cxxopt="-Wno-vla-parameter" \
     --curses=no \
     --host_force_python=PY3 \
     --repository_cache=BAZEL_CACHE \
     --strip=never \
-    --override_repository="boringssl=%{_prefix}/src/boringssl/" \
     --override_repository="com_github_curl=%{_datadir}/bazel-workspaces/curl" \
     --override_repository="com_github_nghttp2_nghttp2=%{_datadir}/bazel-workspaces/nghttp2" \
     --override_repository="zlib=%{_datadir}/bazel-workspaces/zlib" \
+    --override_repository="org_golang_x_text=%{_builddir}/%{name}-%{version}/external/org_golang_x_text" \
+    --override_repository="com_github_spf13_afero=%{_builddir}/%{name}-%{version}/external/com_github_spf13_afero" \
+    --override_repository="com_github_lyft_protoc_gen_star=%{_builddir}/%{name}-%{version}/external/com_github_lyft_protoc_gen_star" \
+    --override_repository="com_github_iancoleman_strcase=%{_builddir}/%{name}-%{version}/external/com_github_iancoleman_strcase" \
     --verbose_failures \
 %ifarch ppc64le
     --local_cpu_resources=HOST_CPUS*.5 \
@@ -268,6 +181,24 @@ fdupes %{buildroot}%{src_install_dir}
 %{src_install_dir}
 
 %changelog
+* Thu Feb 24 2022 Henry Li <lihl@microsoft.com> - 1.21.0-1
+- Upgrade to version 1.21.0
+- Update envoy vendor source
+- Add additional pre-built vendor source that includes external go
+  dependencies
+- Remove unnecessary provides/comments that are imported from OpenSUSE
+- Remove boringssl-source as BR
+- Update 0001-build-Use-Go-from-host.patch
+- Add 0002-disable-wee8-mismatched-new-delete-warning.patch to stop treating
+  mismated new delete warning as error
+- Remove patches that are no longer needed
+- Remove -c dbg and --color=no from bazel build option which will deplete memory
+  space and cause gcc compiling error
+- Add bazel build option to stop treating vla-parameter warning as error
+- Add --override_repository option to let bazel fetch dependencies from prebuilt 
+  vendor source instead of downloading from the network 
+- Disable rpm stripping
+
 * Tue Sep 14 2021 Henry Li <lihl@microsoft.com> - 1.14.4-4
 - Add patch to use newer version of bazel
 - Update patch to use new version of external dependencies
diff --git a/cgmanifest.json b/cgmanifest.json
index 0d6c57f8fda..231fc68986c 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1312,16 +1312,6 @@
         }
       }
     },
-    {
-      "component": {
-        "type": "other",
-        "other": {
-          "name": "boringssl",
-          "version": "20200921",
-          "downloadUrl": "https://boringssl.googlesource.com/boringssl/+archive/3743aafdacff2f7b083615a043a37101f740fa53.tar.gz"
-        }
-      }
-    },
     {
       "component": {
         "type": "other",
@@ -3338,8 +3328,8 @@
         "type": "other",
         "other": {
           "name": "envoy",
-          "version": "1.14.4",
-          "downloadUrl": "https://github.com/envoyproxy/envoy/archive/refs/tags/v1.14.4.tar.gz"
+          "version": "1.21.0",
+          "downloadUrl": "https://github.com/envoyproxy/envoy/archive/refs/tags/v1.21.0.tar.gz"
         }
       }
     },