Land #752, Update CI actions

author: Brent Cook <busterb@gmail.com> 2022-05-09 01:29:28 -0500
committer: Brent Cook <busterb@gmail.com> 2022-05-09 01:29:28 -0500
commit: a0044d5a36252d82b0f7b2f1550f7fff701a484a (patch)
tree: 57ecac03b703abb72e1ec8117fcc515982fc7e7a /ChangeLog
parent: 5e974ea695aa57965c3037c787850012e188dfdb (diff)
parent: ff798b2a33d89679ac6c25a4773b91c6a26cd015 (diff)
download: portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.tar.gz
portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.tar.bz2
portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.zip
1 files changed, 57 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index b58f52d..e4dc7ad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,63 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+3.5.2 - Stable release
+        * Bug fixes
+          - Avoid single byte overread in asn1_parse2().
+          - Allow name constraints with a leading dot. From Alex Wilson.
+          - Relax a check in x509_constraints_dirname() to allow prefixes.
+            From Alex Wilson.
+          - Fix NULL dereferences in openssl(1) cms option parsing.
+          - Do not zero the computed cofactor on ec_guess_cofactor() success.
+          - Bound cofactor in EC_GROUP_set_generator() to reduce the number of
+            bogus groups that can be described with nonsensical parameters.
+          - Avoid various potential segfaults in EVP_PKEY_CTX_free() in low
+            memory conditions. Reported for HMAC by Masaru Masuda.
+          - Plug leak in ASN1_TIME_adj_internal().
+          - Avoid infinite loop for custom curves of order 1.
+            Issue reported by Hanno Boeck, comments by David Benjamin.
+          - Avoid an infinite loop on parsing DSA private keys by validating
+            that the provided parameters conform to FIPS 186-4.
+            Issue reported by Hanno Boeck, comments by David Benjamin.
+        * Compatibility improvements
+          - Allow non-standard name constraints of the form @domain.com.
+        * Internal improvements
+          - Limit OID text conversion to 64 bits per arc.
+          - Clean up and simplify memory BIO code.
+          - Reduce number of memmove() calls in memory BIOs.
+          - Factor out alert handling code in the legacy stack.
+          - Add sanity checks on p and q in old_dsa_priv_decode()
+          - Cache the SHA-512 hash instead of the SHA-1 for CRLs.
+          - Suppress various compiler warnings for old gcc versions.
+          - Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i().
+          - Rework ownership handling in x509_constraints_validate().
+          - Rework ASN1_STRING_set().
+          - Remove const from tls1_transcript_hash_value().
+          - Clean up and simplify ssl3_renegotiate{,_check}().
+          - Rewrite legacy TLS and DTLS unexpected handshake message handling.
+          - Simplify SSL_do_handshake().
+          - Rewrite ASCII/text to ASN.1 object conversion.
+          - Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj().
+          - Split armv7 and aarch64 code into separate locations.
+          - Rewrote openssl(1) ts to use the new option handling and cleaned
+            up the C code.
+          - Provide asn1_get_primitive().
+          - Convert {c2i,d2i}_ASN1_OBJECT() to CBS.
+          - Remove the minimum record length checks from dtls1_read_bytes().
+          - Clean up {dtls1,ssl3}_read_bytes().
+          - Be more careful with embedded and terminating NULs in the new
+            name constraints code.
+          - Check EVP_Digest* return codes in openssl(1) ts
+          - Various minor code cleanup in openssl(1) pkcs12
+          - Use calloc() in pkey_hmac_init().
+          - Simplify priv_key handling in d2i_ECPrivateKey().
+        * Documentation improvements
+          - Update d2i_ASN1_OBJECT(3) documentation to reflect reality after
+            refactoring and bug fixes.
+          - Fixed numerous minor grammar, spelling, wording, and punctuation
+            issues.
 3.5.1 - Security release
        * A malicious certificate can cause an infinite loop.
author	Brent Cook <busterb@gmail.com>	2022-05-09 01:29:28 -0500
committer	Brent Cook <busterb@gmail.com>	2022-05-09 01:29:28 -0500
commit	a0044d5a36252d82b0f7b2f1550f7fff701a484a (patch)
tree	57ecac03b703abb72e1ec8117fcc515982fc7e7a /ChangeLog
parent	5e974ea695aa57965c3037c787850012e188dfdb (diff)
parent	ff798b2a33d89679ac6c25a4773b91c6a26cd015 (diff)
download	portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.tar.gz portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.tar.bz2 portable-a0044d5a36252d82b0f7b2f1550f7fff701a484a.zip

diff --git a/ChangeLog b/ChangeLog index b58f52d..e4dc7ad 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,63 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	3.5.2 - Stable release
		32
		33	* Bug fixes
		34	- Avoid single byte overread in asn1_parse2().
		35	- Allow name constraints with a leading dot. From Alex Wilson.
		36	- Relax a check in x509_constraints_dirname() to allow prefixes.
		37	From Alex Wilson.
		38	- Fix NULL dereferences in openssl(1) cms option parsing.
		39	- Do not zero the computed cofactor on ec_guess_cofactor() success.
		40	- Bound cofactor in EC_GROUP_set_generator() to reduce the number of
		41	bogus groups that can be described with nonsensical parameters.
		42	- Avoid various potential segfaults in EVP_PKEY_CTX_free() in low
		43	memory conditions. Reported for HMAC by Masaru Masuda.
		44	- Plug leak in ASN1_TIME_adj_internal().
		45	- Avoid infinite loop for custom curves of order 1.
		46	Issue reported by Hanno Boeck, comments by David Benjamin.
		47	- Avoid an infinite loop on parsing DSA private keys by validating
		48	that the provided parameters conform to FIPS 186-4.
		49	Issue reported by Hanno Boeck, comments by David Benjamin.
		50	* Compatibility improvements
		51	- Allow non-standard name constraints of the form @domain.com.
		52	* Internal improvements
		53	- Limit OID text conversion to 64 bits per arc.
		54	- Clean up and simplify memory BIO code.
		55	- Reduce number of memmove() calls in memory BIOs.
		56	- Factor out alert handling code in the legacy stack.
		57	- Add sanity checks on p and q in old_dsa_priv_decode()
		58	- Cache the SHA-512 hash instead of the SHA-1 for CRLs.
		59	- Suppress various compiler warnings for old gcc versions.
		60	- Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i().
		61	- Rework ownership handling in x509_constraints_validate().
		62	- Rework ASN1_STRING_set().
		63	- Remove const from tls1_transcript_hash_value().
		64	- Clean up and simplify ssl3_renegotiate{,_check}().
		65	- Rewrite legacy TLS and DTLS unexpected handshake message handling.
		66	- Simplify SSL_do_handshake().
		67	- Rewrite ASCII/text to ASN.1 object conversion.
		68	- Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj().
		69	- Split armv7 and aarch64 code into separate locations.
		70	- Rewrote openssl(1) ts to use the new option handling and cleaned
		71	up the C code.
		72	- Provide asn1_get_primitive().
		73	- Convert {c2i,d2i}_ASN1_OBJECT() to CBS.
		74	- Remove the minimum record length checks from dtls1_read_bytes().
		75	- Clean up {dtls1,ssl3}_read_bytes().
		76	- Be more careful with embedded and terminating NULs in the new
		77	name constraints code.
		78	- Check EVP_Digest* return codes in openssl(1) ts
		79	- Various minor code cleanup in openssl(1) pkcs12
		80	- Use calloc() in pkey_hmac_init().
		81	- Simplify priv_key handling in d2i_ECPrivateKey().
		82	* Documentation improvements
		83	- Update d2i_ASN1_OBJECT(3) documentation to reflect reality after
		84	refactoring and bug fixes.
		85	- Fixed numerous minor grammar, spelling, wording, and punctuation
		86	issues.
		87
31	3.5.1 - Security release	88	3.5.1 - Security release
32		89
33	* A malicious certificate can cause an infinite loop.	90	* A malicious certificate can cause an infinite loop.