version 1.47, 2022/04/15 04:36:09 |
version 1.48, 2022/04/15 04:44:54 |
|
|
<li>Portable Improvements |
<li>Portable Improvements |
<ul> |
<ul> |
<li>Enabled ASAN CI on Linux platform.<br> |
<li>Enabled ASAN CI on Linux platform.<br> |
Thanks to Ilya Shipitsin (chipitsine <at> gmail com). |
|
<li>Fixed various POSIX compliance and other portability issues<br> |
<li>Fixed various POSIX compliance and other portability issues<br> |
found by the port to the Sortix operating system. |
found by the port to the Sortix operating system. |
<li>Add libmd as platform specific libraries for Solaris.<br> |
<li>Add libmd as platform specific libraries for Solaris.<br> |
Issue reported from (ihsan <at> opencsw org) on libressl ML. |
|
<li>Set IA-64 compiler flag only if it is HP-UX with IA-64.<br> |
<li>Set IA-64 compiler flag only if it is HP-UX with IA-64.<br> |
Suggested from Larkin Nickle (me <at> larbob org) by libressl ML. |
|
<li>Enabled and scheduled Coverity scan.<br> |
<li>Enabled and scheduled Coverity scan.<br> |
Contributed by Ilya Shipitsin (chipitsine <at> gmail com) on github. |
|
</ul> |
</ul> |
|
|
<li>Compatibility Changes |
<li>Compatibility Changes |
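Review bot: The credit lines that appear on only one side of this hunk ("Thanks to Ilya Shipitsin (chipitsine <at> gmail com)." and the three after it) write the address separator as <at>. If that is literal in the HTML source, a browser parses it as an unknown element and the word drops out of the rendered page, so whichever side keeps these lines should escape it as &lt;at&gt;. The credit wording also varies ("Issue reported from ... on libressl ML", "Suggested from ... by libressl ML"); a single form such as "Reported by ... on the libressl mailing list" would read better.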
|
|
<li>Bug fixes |
<li>Bug fixes |
<ul> |
<ul> |
<li>Avoid infinite loop for custom curves of order 1.<br> |
<li>Avoid infinite loop for custom curves of order 1.<br> |
Found and reported with a reproducer by Hanno Boeck. |
|
Helpful comments and analysis from David Benjamin. |
|
<li>Avoid infinite loop on parsing DSA private keys.<br> |
<li>Avoid infinite loop on parsing DSA private keys.<br> |
Issue reported with reproducers by Hanno Boeck. |
|
Additional variants and analysis by David Benjamin. |
|
<li>A malicious certificate can cause an infinite loop.<br> |
<li>A malicious certificate can cause an infinite loop.<br> |
Reported by and fix from Tavis Ormandy and David Benjamin, Google. |
|
<li>In some situations, the verifier would discard the error on an |
<li>In some situations, the verifier would discard the error on an |
unvalidated certificate chain.<br> |
unvalidated certificate chain.<br> |
This would happen when the verification callback was in use, |
This would happen when the verification callback was in use, |
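Review bot: On the side of this hunk without the reporter lines (Hanno Boeck, David Benjamin, Tavis Ormandy), the three infinite-loop entries and the "verifier would discard the error" entry carry no reference a reader could use to trace the fix. Consider linking each entry to its advisory or errata rather than relying on the names alone. Separately, "A malicious certificate can cause an infinite loop." describes the bug while its siblings describe the fix ("Avoid infinite loop ..."); rewording it in the same form would keep the list consistent.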
|
|
the privilege separation monitor. Privilege separation has been |
the privilege separation monitor. Privilege separation has been |
enabled by default in since openssh-3.2.2 (released in 2002) and |
enabled by default in since openssh-3.2.2 (released in 2002) and |
has been mandatory since openssh-7.5 (released in 2017).<br> |
has been mandatory since openssh-7.5 (released in 2017).<br> |
Thanks to Malcolm Stagg for finding and reporting this bug. |
|
</ul> |
</ul> |
<li>Potentially incompatible changes |
<li>Potentially incompatible changes |
<ul> |
<ul> |
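Review bot: The context line "enabled by default in since openssh-3.2.2 (released in 2002) and" has a stray "in" on both sides. This change already touches the entry (the "Thanks to Malcolm Stagg" line is one-sided), so fix it in the same commit to "enabled by default since openssh-3.2.2".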