diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2023-03-15 20:34:00 -0600 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2023-03-15 20:34:00 -0600 |
| commit | ce4536684c9b3d82c99318da257525c0e651983b (patch) | |
| tree | 1cf2468019c35dcf076c04985d5e8187e9b0f005 | |
| parent | 92ad7393cd0a4b7bad45dd32b53cfd317b429a62 (diff) | |
| download | portable-ce4536684c9b3d82c99318da257525c0e651983b.tar.gz portable-ce4536684c9b3d82c99318da257525c0e651983b.tar.bz2 portable-ce4536684c9b3d82c99318da257525c0e651983b.zip | |
Fix up 3.7.1 changelog
| -rw-r--r-- | ChangeLog | 52 |
1 files changed, 17 insertions, 35 deletions
| @@ -41,28 +41,7 @@ LibreSSL Portable Release Notes: | |||
| 41 | - Assorted initial cleanup in the EC code | 41 | - Assorted initial cleanup in the EC code |
| 42 | - Fixed Perl assembly generators to move constants into .rodata. | 42 | - Fixed Perl assembly generators to move constants into .rodata. |
| 43 | This allows code to run with execute-only permissions | 43 | This allows code to run with execute-only permissions |
| 44 | * Bug fixes | 44 | - ASN1 parsing rework and improvements |
| 45 | - Fixed a memory leak, a double free and various other issues in | ||
| 46 | BIO_new_NDEF() | ||
| 47 | - Avoid infinite loops in DSA and ECDSA signing | ||
| 48 | - Check DSA parameter sanity | ||
| 49 | - Fixed various crashes in the openssl(1) testing utility | ||
| 50 | - Do not check policies by default in the new X.509 verifier | ||
| 51 | * Public API: | ||
| 52 | - added EVP_CIPHER_meth_* support (only setters) | ||
| 53 | - UI_null(), X509_CRL_get0_tbs_sigalg(), X509_STORE_*check_issued(), | ||
| 54 | X509_get0_uids() | ||
| 55 | * Security fix | ||
| 56 | - A malicious certificate revocation list or timestamp response token | ||
| 57 | would allow an attacker to read arbitrary memory. | ||
| 58 | |||
| 59 | 3.7.0 - Development release | ||
| 60 | ======= | ||
| 61 | 3.7.1 - Stable release | ||
| 62 | * Internal improvements | ||
| 63 | - Extensive reworking of bignum and montgomery multiplication support (BN_). | ||
| 64 | - Transition to using s2n-bignum assembly implementation for bignum on amd64 | ||
| 65 | - ASN1 parsing rework and improvements, including infinite loop avoidance. | ||
| 66 | - Make UI_destroy_method() NULL safe. | 45 | - Make UI_destroy_method() NULL safe. |
| 67 | - Various improvements to nc | 46 | - Various improvements to nc |
| 68 | - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup(). | 47 | - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup(). |
| @@ -72,13 +51,24 @@ LibreSSL Portable Release Notes: | |||
| 72 | - Cap the number of iterations in DSA signing, and other DSA sanity checks. | 51 | - Cap the number of iterations in DSA signing, and other DSA sanity checks. |
| 73 | - Always clear EC groups and points on free. | 52 | - Always clear EC groups and points on free. |
| 74 | - Various other internal cleanups | 53 | - Various other internal cleanups |
| 75 | * Compatibility changes | ||
| 76 | - correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3) | ||
| 77 | * Bug fixes | 54 | * Bug fixes |
| 55 | - Fixed a memory leak, a double free and various other issues in | ||
| 56 | BIO_new_NDEF() | ||
| 57 | - Avoid infinite loops in DSA and ECDSA signing | ||
| 58 | - Check DSA parameter sanity | ||
| 59 | - Fixed various crashes in the openssl(1) testing utility | ||
| 60 | - Do not check policies by default in the new X.509 verifier | ||
| 78 | - Avoid -0 in BN_div_word(). | 61 | - Avoid -0 in BN_div_word(). |
| 79 | - Fix an off-by-one in dsa_check_key() | 62 | - Fix an off-by-one in dsa_check_key() |
| 80 | - openssl(1) asn1parse: avoid crash with ASN.1 BOOLEANS | 63 | - openssl(1) asn1parse: avoid crash with ASN.1 BOOLEANS |
| 81 | - Add missing error checking in PKCS7 | 64 | - Add missing error checking in PKCS7 |
| 65 | * Compatibility changes | ||
| 66 | - correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3) | ||
| 67 | - Provide UI_null() | ||
| 68 | - Expose various X509_STORE_*check_issued() | ||
| 69 | - Expose X509_CRL_get0_sigalg() and X509_get0_uids | ||
| 70 | - Expose the EVP_CIPHER_meth_* API (setter only) in evp.h | ||
| 71 | - Introduce X509_get0_uids() accessor function | ||
| 82 | * Documentation improvements | 72 | * Documentation improvements |
| 83 | - Mark BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3), | 73 | - Mark BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3), |
| 84 | BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented. | 74 | BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented. |
| @@ -106,17 +96,9 @@ LibreSSL Portable Release Notes: | |||
| 106 | - New Wycheproof tests added. | 96 | - New Wycheproof tests added. |
| 107 | - OpenSSL 3.0 Interop tests added. | 97 | - OpenSSL 3.0 Interop tests added. |
| 108 | - Many old tests rewritten, cleaned up and extended. | 98 | - Many old tests rewritten, cleaned up and extended. |
| 109 | * New features | 99 | * Security fix |
| 110 | - Modifications to perlasm and assembly code to move constants out of | 100 | - A malicious certificate revocation list or timestamp response token |
| 111 | executable memory to rodata memory, thus supportinf execute only | 101 | would allow an attacker to read arbitrary memory. |
| 112 | memory | ||
| 113 | - import a copy of OpenSSL 1.1's cmeth_lib.c | ||
| 114 | - Provide UI_null() | ||
| 115 | - Expose various X509_STORE_*check_issued() | ||
| 116 | - Expose X509_CRL_get0_sigalg() and X509_get0_uids | ||
| 117 | - Expose the EVP_CIPHER_meth_* API (setter only) in evp.h | ||
| 118 | - Introduce X509_get0_uids() accessor function | ||
| 119 | >>>>>>> 788c39a (3.7.1. ChangeLog) | ||
| 120 | 102 | ||
| 121 | 3.7.0 - Development release | 103 | 3.7.0 - Development release |
| 122 | * Internal improvements | 104 | * Internal improvements |