diff options
| author | Theo Buehler <tb@openbsd.org> | 2022-04-15 18:03:35 +0200 |
|---|---|---|
| committer | Brent Cook <busterb@gmail.com> | 2022-04-19 15:24:19 -0500 |
| commit | e734f1d12d514b6e7dbe3ce2bb289819a38ed518 (patch) | |
| tree | 473ff8fad08556ea25e4c6e8e390a674a5bcf2b5 | |
| parent | c35f5f1ded049e7e439d0b5645904050aeb28097 (diff) | |
| download | portable-e734f1d12d514b6e7dbe3ce2bb289819a38ed518.tar.gz portable-e734f1d12d514b6e7dbe3ce2bb289819a38ed518.tar.bz2 portable-e734f1d12d514b6e7dbe3ce2bb289819a38ed518.zip | |
LibreSSL 3.5.2 ChangeLog
| -rw-r--r-- | ChangeLog | 43 |
1 files changed, 43 insertions, 0 deletions
| @@ -28,6 +28,49 @@ history is also available from Git. | |||
| 28 | 28 | ||
| 29 | LibreSSL Portable Release Notes: | 29 | LibreSSL Portable Release Notes: |
| 30 | 30 | ||
| 31 | 3.5.2 - Stable release | ||
| 32 | |||
| 33 | * Bug fixes | ||
| 34 | - Fix NULL dereferences in openssl(1) cms option parsing. | ||
| 35 | - Do not zero the computed cofactor on ec_guess_cofactor() success. | ||
| 36 | - Bound cofactor in EC_GROUP_set_generator() to reduce the number of | ||
| 37 | bogus groups that can be described with nonsensical parameters. | ||
| 38 | - Avoid various potential segfaults in EVP_PKEY_CTX_free() in low | ||
| 39 | memory conditions. Reported for HMAC by Masaru Masuda. | ||
| 40 | - Plug leak in ASN1_TIME_adj_internal(). | ||
| 41 | - Avoid infinite loop for custom curves of order 1. | ||
| 42 | Issue reported by Hanno Boeck, comments by David Benjamin. | ||
| 43 | - Avoid an infinite loop on parsing DSA private keys by validating | ||
| 44 | that the provided parameters conform to FIPS 186-4. | ||
| 45 | Issue reported by Hanno Boeck, comments by David Benjamin. | ||
| 46 | * Internal improvements | ||
| 47 | - Suppress various compiler warnings for old gcc versions. | ||
| 48 | - Rework ASN1_STRING_set(). | ||
| 49 | - Remove const from tls1_transcript_hash_value(). | ||
| 50 | - Clean up and simplify ssl3_renegotiate{,_check}(). | ||
| 51 | - Rewrite legacy TLS and DTLS unexpected handshake message handling. | ||
| 52 | - Simplify SSL_do_handshake(). | ||
| 53 | - Rewrite ASCII/text to ASN.1 object conversion. | ||
| 54 | - Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj(). | ||
| 55 | - Split armv7 and aarch64 code into separate locations. | ||
| 56 | - Rewrote openssl(1) ts to use the new option handling and cleaned | ||
| 57 | up the C code. | ||
| 58 | - Provide asn1_get_primitive(). | ||
| 59 | - Convert {c2i,d2i}_ASN1_OBJECT() to CBS. | ||
| 60 | - Remove the minimum record length checks from dtls1_read_bytes(). | ||
| 61 | - Clean up {dtls1,ssl3}_read_bytes(). | ||
| 62 | - Be more careful with embedded and terminating NULs in the new | ||
| 63 | name constraints code. | ||
| 64 | - Check EVP_Digest* return codes in openssl(1) ts | ||
| 65 | - Various minor code cleanup in openssl(1) pkcs12 | ||
| 66 | - Use calloc() in pkey_hmac_init(). | ||
| 67 | - Simplify priv_key handling in d2i_ECPrivateKey(). | ||
| 68 | * Documentation improvements | ||
| 69 | - Update d2i_ASN1_OBJECT(3) documentation to reflect reality after | ||
| 70 | refactoring and bug fixes. | ||
| 71 | - Fixed numerous minor grammar, spelling, wording, and punctuation | ||
| 72 | issues. | ||
| 73 | |||
| 31 | 3.5.1 - Security release | 74 | 3.5.1 - Security release |
| 32 | 75 | ||
| 33 | * A malicious certificate can cause an infinite loop. | 76 | * A malicious certificate can cause an infinite loop. |