From ce4536684c9b3d82c99318da257525c0e651983b Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Wed, 15 Mar 2023 20:34:00 -0600 Subject: Fix up 3.7.1 changelog --- ChangeLog | 52 +++++++++++++++++----------------------------------- 1 file changed, 17 insertions(+), 35 deletions(-) diff --git a/ChangeLog b/ChangeLog index fbfdacb..58eebcb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,28 +41,7 @@ LibreSSL Portable Release Notes: - Assorted initial cleanup in the EC code - Fixed Perl assembly generators to move constants into .rodata. This allows code to run with execute-only permissions - * Bug fixes - - Fixed a memory leak, a double free and various other issues in - BIO_new_NDEF() - - Avoid infinite loops in DSA and ECDSA signing - - Check DSA parameter sanity - - Fixed various crashes in the openssl(1) testing utility - - Do not check policies by default in the new X.509 verifier - * Public API: - - added EVP_CIPHER_meth_* support (only setters) - - UI_null(), X509_CRL_get0_tbs_sigalg(), X509_STORE_*check_issued(), - X509_get0_uids() - * Security fix - - A malicious certificate revocation list or timestamp response token - would allow an attacker to read arbitrary memory. - -3.7.0 - Development release -======= -3.7.1 - Stable release - * Internal improvements - - Extensive reworking of bignum and montgomery multiplication support (BN_). - - Transition to using s2n-bignum assembly implementation for bignum on amd64 - - ASN1 parsing rework and improvements, including infinite loop avoidance. + - ASN1 parsing rework and improvements - Make UI_destroy_method() NULL safe. - Various improvements to nc - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup(). 
@@ -72,13 +51,24 @@ LibreSSL Portable Release Notes: - Cap the number of iterations in DSA signing, and other DSA sanity checks. - Always clear EC groups and points on free. - Various other internal cleanups - * Compatibility changes - - correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3) * Bug fixes + - Fixed a memory leak, a double free and various other issues in + BIO_new_NDEF() + - Avoid infinite loops in DSA and ECDSA signing + - Check DSA parameter sanity + - Fixed various crashes in the openssl(1) testing utility + - Do not check policies by default in the new X.509 verifier - Avoid -0 in BN_div_word(). - Fix an off-by-one in dsa_check_key() - openssl(1) asn1parse: avoid crash with ASN.1 BOOLEANS - Add missing error checking in PKCS7 + * Compatibility changes + - correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3) + - Provide UI_null() + - Expose various X509_STORE_*check_issued() + - Expose X509_CRL_get0_sigalg() and X509_get0_uids + - Expose the EVP_CIPHER_meth_* API (setter only) in evp.h + - Introduce X509_get0_uids() accessor function * Documentation improvements - Mark BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3), BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented. 
@@ -106,17 +96,9 @@ LibreSSL Portable Release Notes: - New Wycheproof tests added. - OpenSSL 3.0 Interop tests added. - Many old tests rewritten, cleaned up and extended. - * New features - - Modifications to perlasm and assembly code to move constants out of - executable memory to rodata memory, thus supportinf execute only - memory - - import a copy of OpenSSL 1.1's cmeth_lib.c - - Provide UI_null() - - Expose various X509_STORE_*check_issued() - - Expose X509_CRL_get0_sigalg() and X509_get0_uids - - Expose the EVP_CIPHER_meth_* API (setter only) in evp.h - - Introduce X509_get0_uids() accessor function ->>>>>>> 788c39a (3.7.1. ChangeLog) + * Security fix + - A malicious certificate revocation list or timestamp response token + would allow an attacker to read arbitrary memory. 3.7.0 - Development release * Internal improvements -- cgit v1.2.3-55-g6feb
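Review bot: In the first hunk (@@ -41,28 +41,7 @@), the removed duplicate 3.7.1 block is the only visible place that lists "Extensive reworking of bignum and montgomery multiplication support (BN_)" and "Transition to using s2n-bignum assembly implementation for bignum on amd64", and no visible hunk adds them back. Please confirm that the retained "Internal improvements" list above line 41 already covers both, or carry them over. The replacement line "ASN1 parsing rework and improvements" also drops the clause "including infinite loop avoidance"; if that was a deliberate robustness change, keeping the clause tells readers what the rework was for.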
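Review bot: In the second hunk (@@ -72,13 +51,24 @@), the added "Compatibility changes" entries list X509_get0_uids twice, once in "Expose X509_CRL_get0_sigalg() and X509_get0_uids" (without parentheses) and again in "Introduce X509_get0_uids() accessor function"; one of the two should go. The "Public API" entry deleted in the first hunk names X509_CRL_get0_tbs_sigalg(), while the line added here names X509_CRL_get0_sigalg(), so please check which spelling matches the exported symbol. The added bug-fix lines "Avoid infinite loops in DSA and ECDSA signing" and "Check DSA parameter sanity" also overlap with the existing context line "Cap the number of iterations in DSA signing, and other DSA sanity checks." and could be merged with it.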
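Review bot: In the third hunk (@@ -106,17 +96,9 @@), the "Security fix" entry ends up as the last item of the 3.7.1 section, directly after the test-suite entries, where someone scanning the release notes for security-relevant changes can easily miss it. Consider moving it to the top of the 3.7.1 section. The entry also carries no advisory identifier and does not name the affected parsing code, so if an identifier exists, adding it would let users match this release against their vulnerability tracking. The wording "would allow an attacker" reads more naturally as "could allow an attacker".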