From 0b710d6672ef0cd5e87192baf4438a827d9aabff Mon Sep 17 00:00:00 2001
From: Bob Beck <beck@openbsd.org>
Date: Tue, 2 May 2023 08:19:29 -0600
Subject: Add to changelog

---
 ChangeLog | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 57b34e3..9fbc33a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -45,6 +45,8 @@ LibreSSL Portable Release Notes:
 	  - Added endbr64 instructions to amd64 assembly.
 	  - Imported RFC 5280 policy checking code from BoringSSL and used it
 	    to replace the old exponential time code.
+	  - Modified X509_NAME_get_text_by_[NID|OBJ] to safely return a C string
+	    instead of potentially arbitrary bytes
 	* New features
 	  - Added support for truncated SHA-2 and for SHA-3.
 	* Compatibility changes
@@ -67,8 +69,10 @@ LibreSSL Portable Release Notes:
 	  - Fix error checking of i2d_ECDSA_SIG() in ossl_ecdsa_sign().
 	  - Fixed detection of extended operations (XOP) on AMD hardware.
 	  - Ensure Montgomery exponentiation is used for the initial RSA blinding.
+	  - Policy is always checked in X509 validation, Critical policy extensions
+	    are no longer silently ignored.
 	* Documentation improvements
-	  - Improved documentation of BIO_ctrl(3), BIO_set_info_callback(3), 
+	  - Improved documentation of BIO_ctrl(3), BIO_set_info_callback(3),
 	    BIO_get_info_callback(3), BIO_method_type(3), and BIO_method_name(3).
 	  - Marked BIO_CB_return(), BIO_cb_pre(), and BIO_cb_post() as intentionally
 	    undocumented.
-- 
cgit v1.2.3-55-g6feb