===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/73.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -c -r1.3 -r1.4
*** www/73.html 2023/03/15 16:50:03 1.3
--- www/73.html 2023/03/16 08:49:53 1.4
***************
*** 174,200 ****
...
! LibreSSL version 3.6.0
- New features
- Compatibility changes
- Bug fixes
- Internal improvements
OpenSSH XXX.YYY
--- 174,269 ----
...
! LibreSSL version 3.7.2
- New features
! - Added Ed25519 support both as a primitive and via OpenSSL's EVP interfaces.
!
- X25519 is now also supported via EVP.
!
- The OpenSSL 1.1 raw public and private key API is available with support for
! EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519. Poly1305 is not
! currently supported via this interface.
!
- Added EVP_CIPHER_meth_*() setter API.
!
- Added various X.509 accessor functions.
- Compatibility changes
! - BIO_read() and BIO_write() now behave more closely to OpenSSL 3 in
! various corner cases.
- Bug fixes
! - Added EVP_chacha20_poly1305() to the list of all ciphers.
!
- Fixed potential leaks of EVP_PKEY in various printing functions
!
- Fixed potential leak in OBJ_NAME_add().
!
- Avoid signed overflow in i2c_ASN1_BIT_STRING().
!
- Cleaned up EVP_PKEY_ASN1_METHOD related tables and code.
!
- Fixed long standing bugs BN_GF2m_poly2arr() and BN_GF2m_mod().
!
- Fixed segfaults in BN_{dec,hex}2bn().
!
- Fixed NULL dereference in x509_constraints_uri_host() reachable only
! in the process of generating certificates.
!
- Fixed a variety of memory corruption issues in BIO chains coming
! from poor old and new API: BIO_push(), BIO_pop(), BIO_set_next().
!
- Avoid potential divide by zero in BIO_dump_indent_cb()
!
- Fixed a memory leak, a double free and various other issues in
! BIO_new_NDEF().
!
- Fixed various crashes in the openssl(1) testing utility.
!
- Do not check policies by default in the new X.509 verifier.
!
- Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse.
!
- Added missing error checking in PKCS7.
!
- Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
+ - Documentation improvements
+
+ - Numerous improvements and additions for ASN.1, BIO, BN, and X.509.
+
- The BN documentation is now considered to be complete.
+
- Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),
+ BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
+
- Documented various BIO_* interfaces.
+
- Documented ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
+
- Documented EVP_PKEY raw private/public key interfaces.
+
- Documented ASN1_buf_print(3).
+
- Documented DH_get0_*, DSA_get0_*, ECDSA_SIG_get0_* and RSA_get0_*.
+
- Merged documentation of UI_null() from OpenSSL 1.1
+
- Various spelling and other documentation improvements.
+
+
- Internal improvements
! - Remove dependency on system timegm() and gmtime() by replacing
! traditional Julian date conversion with POSIX epoch-seconds date
! conversion from BoringSSL.
!
- Removed old and unused BN code dealing with primes.
!
- Started rewriting name constraints code using CBS.
!
- Removed support for the HMAC PRIVATE KEY.
!
- Reworked DSA signing and verifying internals.
!
- Rewrote the TLSv1.2 key exporter.
!
- Cleaned up and refactored various aspects of the legacy TLS stack.
!
- Initial overhaul of the BIGNUM code:
!
- Added a new framework that allows architecture-dependent
! replacement implementations for bignum primitives.
!
- Imported various s2n-bignum's constant time assembly primitives
! and switched amd64 to them.
!
- Lots of cleanup, simplification and bug fixes.
!
- Changed Perl assembly generators to move constants into .rodata,
! allowing code to run with execute-only permissions.
!
- Capped the number of iterations in DSA and ECDSA signing (avoiding
! infinite loops), added additional sanity checks to DSA.
!
- ASN.1 parsing improvements.
!
- Cleanup and improvements in EC code, including always clearing EC
! groups and points on free.
!
- Various openssl(1) improvements.
!
- Various nc(1) improvements.
+
+ - Security fixes
+
+ - A malicious certificate revocation list or timestamp response token
+ would allow an attacker to read arbitrary memory.
+
OpenSSH XXX.YYY
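Review bot: the new "Security fixes" entry at the end of the LibreSSL list ("A malicious certificate revocation list or timestamp response token would allow an attacker to read arbitrary memory.") carries no advisory, errata or patch reference and does not name the affected function, so a reader cannot tie it to a specific fix; add a link or identifier, and consider moving the section above "Internal improvements" so it is not the last item after the refactoring notes. Under "Bug fixes", "Do not check policies by default in the new X.509 verifier." changes certificate verification behaviour and would be easier to find under "Compatibility changes". Minor wording: "Fixed long standing bugs BN_GF2m_poly2arr() and BN_GF2m_mod()." is missing "in", "BIO_s_log(3) BIO_nread0(3)" is missing a comma, and the entries for the EVP_PKEY leaks, BIO_dump_indent_cb() and UI_null() lack the trailing period the other entries use.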
***************
*** 234,240 ****
Some highlights:
!
- Asterisk 16.28.0, 18.14.0 and 19.6.0
- Audacity 2.4.2
- CMake 3.24.2
--- 303,309 ----
Some highlights:
!
- Asterisk 16.28.0, 18.14.0 and 19.6.0
- Audacity 2.4.2
- CMake 3.24.2
***************
*** 282,288 ****
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
!
- Xenocara (based on X.Org 7.7 with xserver 21.1.4 + patches,
freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372,
xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
--- 351,357 ----
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
!
- Xenocara (based on X.Org 7.7 with xserver 21.1.4 + patches,
freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372,
xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)