===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/73.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- www/73.html	2023/03/15 16:50:03	1.3
+++ www/73.html	2023/03/16 08:49:53	1.4
@@ -174,27 +174,96 @@
   <li>...
   </ul>
 
-<li>LibreSSL version 3.6.0
+<li>LibreSSL version 3.7.2
   <ul>
   <li>New features
     <ul>
-    <li>...
+    <li>Added Ed25519 support both as a primitive and via OpenSSL's EVP interfaces.
+    <li>X25519 is now also supported via EVP.
+    <li>The OpenSSL 1.1 raw public and private key API is available with support for
+        EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519. Poly1305 is not
+        currently supported via this interface.
+    <li>Added EVP_CIPHER_meth_*() setter API.
+    <li>Added various X.509 accessor functions.
     </ul>
 
   <li>Compatibility changes
     <ul>
-    <li>...
+    <li>BIO_read() and BIO_write() now behave more closely to OpenSSL 3 in
+        various corner cases.
     </ul>
 
   <li>Bug fixes
     <ul>
-    <li>...
+    <li>Added EVP_chacha20_poly1305() to the list of all ciphers.
+    <li>Fixed potential leaks of EVP_PKEY in various printing functions
+    <li>Fixed potential leak in OBJ_NAME_add().
+    <li>Avoid signed overflow in i2c_ASN1_BIT_STRING().
+    <li>Cleaned up EVP_PKEY_ASN1_METHOD related tables and code.
+    <li>Fixed long standing bugs BN_GF2m_poly2arr() and BN_GF2m_mod().
+    <li>Fixed segfaults in BN_{dec,hex}2bn().
+    <li>Fixed NULL dereference in x509_constraints_uri_host() reachable only
+        in the process of generating certificates.
+    <li>Fixed a variety of memory corruption issues in BIO chains coming
+        from poor old and new API: BIO_push(), BIO_pop(), BIO_set_next().
+    <li>Avoid potential divide by zero in BIO_dump_indent_cb()
+    <li>Fixed a memory leak, a double free and various other issues in
+        BIO_new_NDEF().
+    <li>Fixed various crashes in the openssl(1) testing utility.
+    <li>Do not check policies by default in the new X.509 verifier.
+    <li>Avoid crash with ASN.1 BOOLEANS in openssl(1) asn1parse.
+    <li>Added missing error checking in PKCS7.
+    <li>Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
     </ul>
 
+  <li>Documentation improvements
+    <ul>
+    <li>Numerous improvements and additions for ASN.1, BIO, BN, and X.509.
+    <li>The BN documentation is now considered to be complete.
+    <li>Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),
+        BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
+    <li>Documented various BIO_* interfaces.
+    <li>Documented ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
+    <li>Documented EVP_PKEY raw private/public key interfaces.
+    <li>Documented ASN1_buf_print(3).
+    <li>Documented DH_get0_*, DSA_get0_*, ECDSA_SIG_get0_* and RSA_get0_*.
+    <li>Merged documentation of UI_null() from OpenSSL 1.1
+    <li>Various spelling and other documentation improvements.
+    </ul>
+
   <li>Internal improvements
     <ul>
-    <li>...
+    <li>Remove dependency on system timegm() and gmtime() by replacing
+        traditional Julian date conversion with POSIX epoch-seconds date
+        conversion from BoringSSL.
+    <li>Removed old and unused BN code dealing with primes.
+    <li>Started rewriting name constraints code using CBS.
+    <li>Removed support for the HMAC PRIVATE KEY.
+    <li>Reworked DSA signing and verifying internals.
+    <li>Rewrote the TLSv1.2 key exporter.
+    <li>Cleaned up and refactored various aspects of the legacy TLS stack.
+    <li>Initial overhaul of the BIGNUM code:
+      <li>Added a new framework that allows architecture-dependent
+          replacement implementations for bignum primitives.
+      <li>Imported various s2n-bignum's constant time assembly primitives
+          and switched amd64 to them.
+      <li>Lots of cleanup, simplification and bug fixes.
+    <li>Changed Perl assembly generators to move constants into .rodata,
+        allowing code to run with execute-only permissions.
+    <li>Capped the number of iterations in DSA and ECDSA signing (avoiding
+        infinite loops), added additional sanity checks to DSA.
+    <li>ASN.1 parsing improvements.
+    <li>Cleanup and improvements in EC code, including always clearing EC
+        groups and points on free.
+    <li>Various openssl(1) improvements.
+    <li>Various nc(1) improvements.
     </ul>
+
+  <li>Security fixes
+    <ul>
+    <li>A malicious certificate revocation list or timestamp response token
+        would allow an attacker to read arbitrary memory.
+    </ul>
   </ul>
 
 <li>OpenSSH XXX.YYY
@@ -234,7 +303,7 @@
   </ul>
 
   <p>Some highlights:
-  <ul style="column-count: 3"><!--- XXX all need to be checked/updated 2023-03-04 --->
+  <ul style="column-count: 3"><!-- XXX all need to be checked/updated 2023-03-04 -->
     <li>Asterisk 16.28.0, 18.14.0 and 19.6.0
     <li>Audacity 2.4.2
     <li>CMake 3.24.2
@@ -282,7 +351,7 @@
 <li>As usual, steady improvements in manual pages and other documentation.
 
 <li>The system includes the following major components from outside suppliers:
-  <ul><!--- XXX all need to be checked/updated 2023-03-04 --->
+  <ul><!-- XXX all need to be checked/updated 2023-03-04 -->
     <li>Xenocara (based on X.Org 7.7 with xserver 21.1.4 + patches,
         freetype 2.12.1, fontconfig 2.13.94, Mesa 22.1.7, xterm 372,
         xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
