| version 1.47, 2022/04/15 04:36:09 |
version 1.48, 2022/04/15 04:44:54 |
|
|
| <li>Portable Improvements |
<li>Portable Improvements |
| <ul> |
<ul> |
| <li>Enabled ASAN CI on Linux platform.<br> |
<li>Enabled ASAN CI on Linux platform.<br> |
| Thanks to Ilya Shipitsin (chipitsine <at> gmail com). |
|
| <li>Fixed various POSIX compliance and other portability issues<br> |
<li>Fixed various POSIX compliance and other portability issues<br> |
| found by the port to the Sortix operating system. |
found by the port to the Sortix operating system. |
| <li>Add libmd as platform specific libraries for Solaris.<br> |
<li>Add libmd as platform specific libraries for Solaris.<br> |
| Issue reported from (ihsan <at> opencsw org) on libressl ML. |
|
| <li>Set IA-64 compiler flag only if it is HP-UX with IA-64.<br> |
<li>Set IA-64 compiler flag only if it is HP-UX with IA-64.<br> |
| Suggested from Larkin Nickle (me <at> larbob org) by libressl ML. |
|
| <li>Enabled and scheduled Coverity scan.<br> |
<li>Enabled and scheduled Coverity scan.<br> |
| Contributed by Ilya Shipitsin (chipitsine <at> gmail com) on github. |
|
| </ul> |
</ul> |
| |
|
| <li>Compatibility Changes |
<li>Compatibility Changes |
|
|
| <li>Bug fixes |
<li>Bug fixes |
| <ul> |
<ul> |
| <li>Avoid infinite loop for custom curves of order 1.<br> |
<li>Avoid infinite loop for custom curves of order 1.<br> |
| Found and reported with a reproducer by Hanno Boeck. |
|
| Helpful comments and analysis from David Benjamin. |
|
| <li>Avoid infinite loop on parsing DSA private keys.<br> |
<li>Avoid infinite loop on parsing DSA private keys.<br> |
| Issue reported with reproducers by Hanno Boeck. |
|
| Additional variants and analysis by David Benjamin. |
|
| <li>A malicious certificate can cause an infinite loop.<br> |
<li>A malicious certificate can cause an infinite loop.<br> |
| Reported by and fix from Tavis Ormandy and David Benjamin, Google. |
|
| <li>In some situations, the verifier would discard the error on an |
<li>In some situations, the verifier would discard the error on an |
| unvalidated certificate chain.<br> |
unvalidated certificate chain.<br> |
| This would happen when the verification callback was in use, |
This would happen when the verification callback was in use, |
|
|
| the privilege separation monitor. Privilege separation has been |
the privilege separation monitor. Privilege separation has been |
| enabled by default in since openssh-3.2.2 (released in 2002) and |
enabled by default in since openssh-3.2.2 (released in 2002) and |
| has been mandatory since openssh-7.5 (released in 2017).<br> |
has been mandatory since openssh-7.5 (released in 2017).<br> |
| Thanks to Malcolm Stagg for finding and reporting this bug. |
|
| </ul> |
</ul> |
| <li>Potentially incompatible changes |
<li>Potentially incompatible changes |
| <ul> |
<ul> |
![[BACK]](/icons/back.gif){kind=icon}
Return to 71.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www