===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/73.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- www/73.html 2023/03/15 16:50:03 1.3
+++ www/73.html 2023/03/16 08:49:53 1.4
@@ -174,27 +174,96 @@
...
-LibreSSL version 3.6.0
+LibreSSL version 3.7.2
- New features
- - ...
+
- Added Ed25519 support both as a primitive and via OpenSSL's EVP interfaces.
+
- X25519 is now also supported via EVP.
+
- The OpenSSL 1.1 raw public and private key API is available with support for
+ EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519. Poly1305 is not
+ currently supported via this interface.
+
- Added EVP_CIPHER_meth_*() setter API.
+
- Added various X.509 accessor functions.
- Compatibility changes
- - ...
+
- BIO_read() and BIO_write() now behave more closely to OpenSSL 3 in
+ various corner cases.
- Bug fixes
- - ...
+
- Added EVP_chacha20_poly1305() to the list of all ciphers.
+
- Fixed potential leaks of EVP_PKEY in various printing functions
+
- Fixed potential leak in OBJ_NAME_add().
+
- Avoid signed overflow in i2c_ASN1_BIT_STRING().
+
- Cleaned up EVP_PKEY_ASN1_METHOD related tables and code.
+
- Fixed long standing bugs BN_GF2m_poly2arr() and BN_GF2m_mod().
+
- Fixed segfaults in BN_{dec,hex}2bn().
+
- Fixed NULL dereference in x509_constraints_uri_host() reachable only
+ in the process of generating certificates.
+
- Fixed a variety of memory corruption issues in BIO chains coming
+ from poor old and new API: BIO_push(), BIO_pop(), BIO_set_next().
+
- Avoid potential divide by zero in BIO_dump_indent_cb()
+
- Fixed a memory leak, a double free and various other issues in
+ BIO_new_NDEF().
+
- Fixed various crashes in the openssl(1) testing utility.
+
- Do not check policies by default in the new X.509 verifier.
+
- Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse.
+
- Added missing error checking in PKCS7.
+
- Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
+ - Documentation improvements
+
+ - Numerous improvements and additions for ASN.1, BIO, BN, and X.509.
+
- The BN documentation is now considered to be complete.
+
- Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),
+ BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
+
- Documented various BIO_* interfaces.
+
- Documented ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
+
- Documented EVP_PKEY raw private/public key interfaces.
+
- Documented ASN1_buf_print(3).
+
- Documented DH_get0_*, DSA_get0_*, ECDSA_SIG_get0_* and RSA_get0_*.
+
- Merged documentation of UI_null() from OpenSSL 1.1
+
- Various spelling and other documentation improvements.
+
+
- Internal improvements
- - ...
+
- Remove dependency on system timegm() and gmtime() by replacing
+ traditional Julian date conversion with POSIX epoch-seconds date
+ conversion from BoringSSL.
+
- Removed old and unused BN code dealing with primes.
+
- Started rewriting name constraints code using CBS.
+
- Removed support for the HMAC PRIVATE KEY.
+
- Reworked DSA signing and verifying internals.
+
- Rewrote the TLSv1.2 key exporter.
+
- Cleaned up and refactored various aspects of the legacy TLS stack.
+
- Initial overhaul of the BIGNUM code:
+
- Added a new framework that allows architecture-dependent
+ replacement implementations for bignum primitives.
+
- Imported various s2n-bignum's constant time assembly primitives
+ and switched amd64 to them.
+
- Lots of cleanup, simplification and bug fixes.
+
- Changed Perl assembly generators to move constants into .rodata,
+ allowing code to run with execute-only permissions.
+
- Capped the number of iterations in DSA and ECDSA signing (avoiding
+ infinite loops), added additional sanity checks to DSA.
+
- ASN.1 parsing improvements.
+
- Cleanup and improvements in EC code, including always clearing EC
+ groups and points on free.
+
- Various openssl(1) improvements.
+
- Various nc(1) improvements.
+
+ - Security fixes
+
+ - A malicious certificate revocation list or timestamp response token
+ would allow an attacker to read arbitrary memory.
+
OpenSSH XXX.YYY
@@ -234,7 +303,7 @@
Some highlights:
-
+
- Asterisk 16.28.0, 18.14.0 and 19.6.0
- Audacity 2.4.2
- CMake 3.24.2
@@ -282,7 +351,7 @@
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
-
+
- Xenocara (based on X.Org 7.7 with xserver 21.1.4 + patches,
freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372,
xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)