diff options
| author | Theo Buehler <tb@openbsd.org> | 2022-04-15 18:34:43 +0200 |
|---|---|---|
| committer | Theo Buehler <tb@openbsd.org> | 2022-04-15 18:34:43 +0200 |
| commit | ac053c8453d0ae1e16a15f435dbd4d3169ebbae8 (patch) | |
| tree | 8cfaf0abe3a31126e8ee1ed4857a7401328e9360 | |
| parent | 87441bdbceeceb8eebc8d8b4d7211c890248c0c7 (diff) | |
| download | portable-ac053c8453d0ae1e16a15f435dbd4d3169ebbae8.tar.gz portable-ac053c8453d0ae1e16a15f435dbd4d3169ebbae8.tar.bz2 portable-ac053c8453d0ae1e16a15f435dbd4d3169ebbae8.zip | |
add a few more things
| -rw-r--r-- | ChangeLog | 13 |
1 files changed, 13 insertions, 0 deletions
| @@ -31,6 +31,10 @@ LibreSSL Portable Release Notes: | |||
| 31 | 3.5.2 - Stable release | 31 | 3.5.2 - Stable release |
| 32 | 32 | ||
| 33 | * Bug fixes | 33 | * Bug fixes |
| 34 | - Avoid single byte overread in asn1_parse2(). | ||
| 35 | - Allow name constraints with a leading dot. From Alex Wilson. | ||
| 36 | - Relax a check in x509_constraints_dirname() to allow prefixes. | ||
| 37 | From Alex Wilson. | ||
| 34 | - Fix NULL dereferences in openssl(1) cms option parsing. | 38 | - Fix NULL dereferences in openssl(1) cms option parsing. |
| 35 | - Do not zero the computed cofactor on ec_guess_cofactor() success. | 39 | - Do not zero the computed cofactor on ec_guess_cofactor() success. |
| 36 | - Bound cofactor in EC_GROUP_set_generator() to reduce the number of | 40 | - Bound cofactor in EC_GROUP_set_generator() to reduce the number of |
| @@ -43,8 +47,17 @@ LibreSSL Portable Release Notes: | |||
| 43 | - Avoid an infinite loop on parsing DSA private keys by validating | 47 | - Avoid an infinite loop on parsing DSA private keys by validating |
| 44 | that the provided parameters conform to FIPS 186-4. | 48 | that the provided parameters conform to FIPS 186-4. |
| 45 | Issue reported by Hanno Boeck, comments by David Benjamin. | 49 | Issue reported by Hanno Boeck, comments by David Benjamin. |
| 50 | * Compatibility improvements | ||
| 51 | - Allow non-standard name constraints of the form @domain.com. | ||
| 46 | * Internal improvements | 52 | * Internal improvements |
| 53 | - Limit OID text conversion to 64 bits per arc. | ||
| 54 | - Clean up and simplify memory BIO code. | ||
| 55 | - Reduce number of memmove() calls in memory BIOs. | ||
| 56 | - Factor out alert handling code in the legacy stack. | ||
| 57 | - Add sanity checks on p and q in old_dsa_priv_decode() | ||
| 58 | - Cache the SHA-512 hash instead of the SHA-1 for CRLs. | ||
| 47 | - Suppress various compiler warnings for old gcc versions. | 59 | - Suppress various compiler warnings for old gcc versions. |
| 60 | - Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i(). | ||
| 48 | - Rework ASN1_STRING_set(). | 61 | - Rework ASN1_STRING_set(). |
| 49 | - Remove const from tls1_transcript_hash_value(). | 62 | - Remove const from tls1_transcript_hash_value(). |
| 50 | - Clean up and simplify ssl3_renegotiate{,_check}(). | 63 | - Clean up and simplify ssl3_renegotiate{,_check}(). |