===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/74.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- www/74.html	2023/10/04 05:51:39	1.6
+++ www/74.html	2023/10/04 08:42:20	1.7
@@ -174,27 +174,169 @@
   <li>...
   </ul>
 
-<li>LibreSSL version X.X.X
+<li>LibreSSL version 3.8.2
   <ul>
+  <li>Security fixes
+    <ul>
+    <li>Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no longer
+      be selected for use.
+    <li>BN_is_prime{,_fasttest}_ex() refuse to check numbers larger than
+      32 kbits for primality. This mitigates various DoS vectors.
+    <li>Restricted the RFC 3779 code to IPv4 and IPv6. It was not written
+      to be able to deal with anything else.
+    </ul>
+  <li>Portable changes
+    <ul>
+    <li>Extended the endian.h compat header with hto* and *toh macros.
+    <li>Adapted more tests to the portable framework.
+    <li>Internal tools are now statically linked.
+    <li>Applications bundled as part of the LibreSSL package internally,
+      nc(1) and openssl(1), now are linked statically if static libraries
+      are built.
+    <li>Internal compatibility function symbols are no longer exported from
+      libcrypto. Instead, the libcompat library is linked to libcrypto,
+      libssl, and libtls separately. This increases size a little, but
+      ensures that the libraries are not exporting symbols to programs
+      unintentionally.
+    <li>Selective removal of CET implementation on platforms where it is
+      not supported (macOS).
+    <li>Integrated four more tests.
+    <li>Added Windows ARM64 architecture to tested platforms.
+    <li>Removed Solaris 10 support, fixed Solaris 11.
+    <li>libtls no longer links statically to libcrypto / libssl unless
+	    <code>--enable-libtls-only</code> is specified at configure time.
+    <li>Improved Windows compatibility library, namely handling of files vs
+      sockets, correcting an exception when operating on a closed socket.
+    <li>CMake builds no longer hardcode <code>-O2</code> into the compiler flags,
+      instead using flags from the CMake build type instead.
+    <li>Set the CMake default build type to <code>Release</code>. This can be overridden
+      during configuration.
+    <li>Fixed broken ASM support with MinGW builds.
+    </ul>
   <li>New features
     <ul>
-    <li>...
+    <li>Added support for truncated SHA-2 and for SHA-3.
+    <li>The BPSW primality test performs additional Miller-Rabin rounds
+      with random bases to reduce the likelihood of composites passing.
+    <li>Allow testing of ciphers and digests using badly aligned buffers
+      in openssl speed using -unalign.
+    <li>Ed25519 certificates are now supported in openssl(1) ca and req.
+      Prepared Ed25519 support in libssl.
+    <li>Add branch target information (BTI) support to amd64 and arm64
+      assembly.
     </ul>
-
   <li>Compatibility changes
     <ul>
-    <li>...
+    <li>Added a workaround for a poorly thought-out change in OpenSSL 3 that
+      broke privilege separation support in libtls.
+    <li>Moved libtls from ECDSA_METHOD to EC_KEY_METHOD.
+    <li>Removed GF2m support: BIGNUM no longer supports binary extension
+      field arithmetic and all binary elliptic builtin curves were removed.
+    <li>Removed dangerous, "fast" NIST prime and elliptic curve implementations.
+      In particular, EC_GFp_nist_method() is no longer available.
+    <li>Removed most public symbols that were deprecated in OpenSSL 0.9.8.
+    <li>Removed the public X9.31 API (RSA_X931_PADDING is still available).
+    <li>Removed Cipher Text Stealing mode.
+      openssl(1) nseq command.
+    <li>Removed ENGINE support, including ECDH_METHOD and ECDSA_METHOD.
+    <li>Removed COMP, DSO, dynamic loading of conf modules and support for
+      custom ex_data and error stacks.
+    <li>Removed proxy certificate (RFC 3820) support.
+    <li>Removed SXNET and NETSCAPE_CERT_SEQUENCE support including the
+    <li>ENGINE support was removed and OPENSSL_NO_ENGINE is set. In spite
+      of this, some stub functions are provided to avoid patching some
+      applications that do not honor OPENSSL_NO_ENGINE.
+    <li>The POLICY_TREE and its related structures and API were removed.
+    <li>In X509_VERIFY_PARAM_inherit() copy hostflags independently of the
+      host list.
+    <li>Made CRYPTO_get_ex_new_index() not return 0 to allow applications
+      to use *_{get,set}_app_data() and *_{get,set}_ex_data() alongside
+      each other.
+    <li>X509_NAME_get_text_by_{NID,OBJ}() now only succeed if they contain
+      valid UTF-8 without embedded NUL.
+    <li>The explicitText user notice uses UTF8String instead of VisibleString
+      to reduce the risk of emitting certificates with invalid DER-encoding.
+    <li>Initial fixes for RSA-PSS support to make the TLSv1.3 stack more
+      compliant with RFC 8446.
+    <li>Fixed EVP_CIPHER_CTX_iv_length() to return what was set with
+      EVP_CTRL_AEAD_SET_IVLEN or one of its aliases.
     </ul>
-
+  <li>Internal improvements
+    <ul>
+    <li>Improved sieve of Eratosthenes script used for generating a table
+      of small primes.
+    <li>Removed incomplete and dangerous BN_RECURSION code.
+    <li>Imported RFC 5280 policy checking code from BoringSSL and used it
+      to replace the old exponential time code.
+    <li>Converted more of libcrypto to use CBB/CBS.
+    <li>Started cleaning up and rewriting SHA internals.
+    <li>Reduced the dependency of hash implementations on many layers of
+      macros. This results in significant speedups since modern compilers
+      are now less confused.
+    <li>Improved BIGNUM internals and performance.
+    <li>Significantly simplified the BN_BLINDING internals used in RSA.
+    <li>Made BN_num_bits() independent of bn->top.
+    <li>Rewrote and simplified bn_sqr().
+    <li>Significantly improved Montgomery multiplication performance.
+    <li>Rewrote and improved BN_exp() and BN_copy().
+    <li>Changed ASN1_item_sign_ctx() and ASN1_item_verify() to work with
+      Ed25519 and fixed a few bugs in there.
+    <li>Lots of cleanup for DH, DSA, EC, RSA internals.  Plugged numerous
+      memory leaks, fixed logic errors and inconsistencies.
+    <li>Cleaned up and simplified various ECDH and ECDSA internals.
+    <li>Removed EC_GROUP precomp machinery.
+    <li>Fixed various issues with EVP_PKEY_CTX_{new,dup}().
+    <li>Rewrote OBJ_find_sigid_algs() and OBJ_find_sigid_by_algs().
+    <li>Improved X.509 certificate version checks.
+    <li>Ensure no X.509v3 extensions appear more than once in certificates.
+    <li>Replaced ASN1_bn_print with a cleaner internal implementation.
+    <li>Fix OPENSSL_cpuid_setup() invocations on arm/aarch64.
+    <li>Improved checks for commonName in libtls.
+    <li>Fixed error check for X509_get_ext_d2i() failure in libtls.
+    <li>Removed code guarded by #ifdef ZLIB.
+    <li>Plug a potential memory leak in ASN1_TIME_normalize().
+    <li>Fixed a use of uninitialized in i2r_IPAddrBlocks().
+    <li>Rewrote CMS_SignerInfo_{sign,verify}().
+    </ul>
   <li>Bug fixes
     <ul>
-    <li>...
+    <li>Correctly handle negative input to various BIGNUM functions.
+    <li>Ensure ERR_load_ERR_strings() does not set errno unexpectedly.
+    <li>Fix error checking of i2d_ECDSA_SIG() in ossl_ecdsa_sign().
+    <li>Fixed aliasing issue in BN_mod_inverse().
+    <li>Fixed detection of extended operations (XOP) on AMD hardware.
+    <li>Ensure Montgomery exponentiation is used for the initial RSA blinding.
+    <li>Policy is always checked in X509 validation. Critical policy extensions
+      are no longer silently ignored.
+    <li>Fixed error handling in tls_check_common_name().
+    <li>Add missing pointer invalidation in SSL_free().
+    <li>Fixed X509err() and X509V3err() and their internal versions.
+    <li>Ensure that OBJ_obj2txt() always returns a C string again.
+    <li>Fixed aliasing issue in BN_mod_inverse().
+    <li>Made EVP_PKEY_set1_hkdf_key() fail on a NULL key.
+    <li>On socket errors in the poll loop, netcat could issue system calls
+      on invalidated file descriptors.
+    <li>Allow IP addresses to be specified in a URI.
+    <li>Fixed a copy-paste error in ASN1_TIME_compare() that could lead
+      to two UTCTimes or two GeneralizedTimes incorrectly being compared
+      as equal.
     </ul>
-
-  <li>Internal improvements
+  <li>Documentation improvements
     <ul>
-    <li>...
+    <li>Improved documentation of BIO_ctrl(3), BIO_set_info_callback(3),
+      BIO_get_info_callback(3), BIO_method_type(3), and BIO_method_name(3).
+    <li>Marked BIO_CB_return(), BIO_cb_pre(), and BIO_cb_post() as intentionally
+      undocumented.
+    <li>Made it very explicit that the verify callback should not be used.
+    <li>Called out that the CRL lastUpdate is standardized as thisUpdate.
+    <li>Documented the RFC 3779 API and its shortcomings.
     </ul>
+  <li>Testing and Proactive Security
+    <ul>
+    <li>Significantly improved test coverage of BN_mod_sqrt() and GCD.
+    <li>As always, new test coverage is added as bugs are fixed and subsystems
+      are cleaned up.
+    </ul>
   </ul>
 
 <li>OpenSSH XXX.YYY
@@ -234,7 +376,7 @@
   </ul>
 
   <p>Some highlights:
-  <ul style="column-count: 3"><!--- XXX all need to be checked/updated 2023-03-04 --->
+  <ul style="column-count: 3"><!-- XXX all need to be checked/updated 2023-03-04 -->
     <li>Asterisk 16.30.1, 18.19.0 and 20.4.0
     <li>Audacity 3.3.3
     <li>CMake 3.27.5
@@ -282,7 +424,7 @@
 <li>As usual, steady improvements in manual pages and other documentation.
 
 <li>The system includes the following major components from outside suppliers:
-  <ul><!--- XXX all need to be checked/updated 2023-03-04 --->
+  <ul><!-- XXX all need to be checked/updated 2023-03-04 -->
     <li>Xenocara (based on X.Org 7.7 with xserver 21.1.8 + patches,
         freetype 2.13.0, fontconfig 2.14.2, Mesa 22.3.7, xterm 378,
         xkeyboard-config 2.20, fonttosfnt 1.2.2 and more)
