| version 1.3, 2023/03/15 16:50:03 |
version 1.4, 2023/03/16 08:49:53 |
|
|
| <li>... |
<li>... |
| </ul> |
</ul> |
| |
|
| <li>LibreSSL version 3.6.0 |
<li>LibreSSL version 3.7.2 |
| <ul> |
<ul> |
| <li>New features |
<li>New features |
| <ul> |
<ul> |
| <li>... |
<li>Added Ed25519 support both as a primitive and via OpenSSL's EVP interfaces. |
| |
<li>X25519 is now also supported via EVP. |
| |
<li>The OpenSSL 1.1 raw public and private key API is available with support for |
| |
EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519. Poly1305 is not |
| |
currently supported via this interface. |
| |
<li>Added EVP_CIPHER_meth_*() setter API. |
| |
<li>Added various X.509 accessor functions. |
| </ul> |
</ul> |
| |
|
| <li>Compatibility changes |
<li>Compatibility changes |
| <ul> |
<ul> |
| <li>... |
<li>BIO_read() and BIO_write() now behave more closely to OpenSSL 3 in |
| |
various corner cases. |
| </ul> |
</ul> |
| |
|
| <li>Bug fixes |
<li>Bug fixes |
| <ul> |
<ul> |
| <li>... |
<li>Added EVP_chacha20_poly1305() to the list of all ciphers. |
| |
<li>Fixed potential leaks of EVP_PKEY in various printing functions |
| |
<li>Fixed potential leak in OBJ_NAME_add(). |
| |
<li>Avoid signed overflow in i2c_ASN1_BIT_STRING(). |
| |
<li>Cleaned up EVP_PKEY_ASN1_METHOD related tables and code. |
| |
<li>Fixed long standing bugs BN_GF2m_poly2arr() and BN_GF2m_mod(). |
| |
<li>Fixed segfaults in BN_{dec,hex}2bn(). |
| |
<li>Fixed NULL dereference in x509_constraints_uri_host() reachable only |
| |
in the process of generating certificates. |
| |
<li>Fixed a variety of memory corruption issues in BIO chains coming |
| |
from poor old and new API: BIO_push(), BIO_pop(), BIO_set_next(). |
| |
<li>Avoid potential divide by zero in BIO_dump_indent_cb() |
| |
<li>Fixed a memory leak, a double free and various other issues in |
| |
BIO_new_NDEF(). |
| |
<li>Fixed various crashes in the openssl(1) testing utility. |
| |
<li>Do not check policies by default in the new X.509 verifier. |
| |
<li>Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse. |
| |
<li>Added missing error checking in PKCS7. |
| |
<li>Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup(). |
| </ul> |
</ul> |
| |
|
| |
<li>Documentation improvements |
| |
<ul> |
| |
<li>Numerous improvements and additions for ASN.1, BIO, BN, and X.509. |
| |
<li>The BN documentation is now considered to be complete. |
| |
<li>Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3), |
| |
BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented. |
| |
<li>Documented various BIO_* interfaces. |
| |
<li>Documented ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3). |
| |
<li>Documented EVP_PKEY raw private/public key interfaces. |
| |
<li>Documented ASN1_buf_print(3). |
| |
<li>Documented DH_get0_*, DSA_get0_*, ECDSA_SIG_get0_* and RSA_get0_*. |
| |
<li>Merged documentation of UI_null() from OpenSSL 1.1 |
| |
<li>Various spelling and other documentation improvements. |
| |
</ul> |
| |
|
| <li>Internal improvements |
<li>Internal improvements |
| <ul> |
<ul> |
| <li>... |
<li>Remove dependency on system timegm() and gmtime() by replacing |
| |
traditional Julian date conversion with POSIX epoch-seconds date |
| |
conversion from BoringSSL. |
| |
<li>Removed old and unused BN code dealing with primes. |
| |
<li>Started rewriting name constraints code using CBS. |
| |
<li>Removed support for the HMAC PRIVATE KEY. |
| |
<li>Reworked DSA signing and verifying internals. |
| |
<li>Rewrote the TLSv1.2 key exporter. |
| |
<li>Cleaned up and refactored various aspects of the legacy TLS stack. |
| |
<li>Initial overhaul of the BIGNUM code: |
| |
<li>Added a new framework that allows architecture-dependent |
| |
replacement implementations for bignum primitives. |
| |
<li>Imported various s2n-bignum's constant time assembly primitives |
| |
and switched amd64 to them. |
| |
<li>Lots of cleanup, simplification and bug fixes. |
| |
<li>Changed Perl assembly generators to move constants into .rodata, |
| |
allowing code to run with execute-only permissions. |
| |
<li>Capped the number of iterations in DSA and ECDSA signing (avoiding |
| |
infinite loops), added additional sanity checks to DSA. |
| |
<li>ASN.1 parsing improvements. |
| |
<li>Cleanup and improvements in EC code, including always clearing EC |
| |
groups and points on free. |
| |
<li>Various openssl(1) improvements. |
| |
<li>Various nc(1) improvements. |
| </ul> |
</ul> |
| |
|
| |
<li>Security fixes |
| |
<ul> |
| |
<li>A malicious certificate revocation list or timestamp response token |
| |
would allow an attacker to read arbitrary memory. |
| |
</ul> |
| </ul> |
</ul> |
| |
|
| <li>OpenSSH XXX.YYY |
<li>OpenSSH XXX.YYY |
|
|
| </ul> |
</ul> |
| |
|
| <p>Some highlights: |
<p>Some highlights: |
| <ul style="column-count: 3"><!--- XXX all need to be checked/updated 2023-03-04 ---> |
<ul style="column-count: 3"><!-- XXX all need to be checked/updated 2023-03-04 --> |
| <li>Asterisk 16.28.0, 18.14.0 and 19.6.0 |
<li>Asterisk 16.28.0, 18.14.0 and 19.6.0 |
| <li>Audacity 2.4.2 |
<li>Audacity 2.4.2 |
| <li>CMake 3.24.2 |
<li>CMake 3.24.2 |
|
|
| <li>As usual, steady improvements in manual pages and other documentation. |
<li>As usual, steady improvements in manual pages and other documentation. |
| |
|
| <li>The system includes the following major components from outside suppliers: |
<li>The system includes the following major components from outside suppliers: |
| <ul><!--- XXX all need to be checked/updated 2023-03-04 ---> |
<ul><!-- XXX all need to be checked/updated 2023-03-04 --> |
| <li>Xenocara (based on X.Org 7.7 with xserver 21.1.4 + patches, |
<li>Xenocara (based on X.Org 7.7 with xserver 21.1.4 + patches, |
| freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372, |
freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372, |
| xkeyboard-config 2.20, fonttosfnt 1.2.2 and more) |
xkeyboard-config 2.20, fonttosfnt 1.2.2 and more) |
![[BACK]](/icons/back.gif){kind=icon}
Return to 73.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www