===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/75.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -c -r1.2 -r1.3
*** www/75.html	2024/03/03 20:55:54	1.2
--- www/75.html	2024/03/09 17:50:13	1.3
***************
*** 230,268 ****
    <li>...
    </ul>
  
! <li>LibreSSL version 3.8.x
    <ul>
!   <li>Security fixes
      <ul>
!     <li>...
      </ul>
!   <li>Portable changes
      <ul>
!     <li>...
      </ul>
!   <li>New features
      <ul>
!     <li>...
      </ul>
!   <li>Compatibility changes
      <ul>
!     <li>...
      </ul>
!   <li>Internal improvements
      <ul>
!     <li>...
      </ul>
    <li>Bug fixes
      <ul>
!     <li>...
!     </ul>
!   <li>Documentation improvements
!     <ul>
!     <li>...
!     </ul>
!   <li>Testing and Proactive Security
!     <ul>
!     <li>...
      </ul>
    </ul>
  
--- 230,337 ----
    <li>...
    </ul>
  
! <li>LibreSSL version 3.9.0
    <ul>
!   <li>Portable changes
      <ul>
!     <li>libcrypto no longer exports compat symbols in cmake builds.
!     <li>Most compatibility symbols are prefixed with <code>libressl_</code>
!       to avoid symbol clashes in static links.
!     <li>Fixed various warnings on Windows.
!     <li>Removed assert pop-ups with Windows debug builds.
!     <li>Fixed crashes and hangs in Windows ARM64 builds.
!     <li>Improved control-flow enforcement (CET) support.
      </ul>
!   <li>Internal improvements
      <ul>
!     <li>Converted uses of <code>OBJ_bsearch_()</code> to standard
!       <a href="https://man.openbsd.org/bsearch">bsearch(3)</a>.
!     <li>Greatly simplified <code>by_file_ctrl()</code>.
!     <li>Simplified and cleaned up the OBJ_ API.
!     <li>Cleaned up the <a href="https://man.openbsd.org/EVP_CipherInit">EVP_Cipher{Init,Update,Final}(3)</a> implementations.
!     <li>Removed unused function pointers from X.509 stores and contexts.
!     <li>A lot of cleanup and reorganization in EVP.
!     <li>Removed all remaining <code>ENGINE</code> tentacles.
!     <li>Simplified internals of <code>X509_TRUST</code> handling.
!     <li>Made deletion from a <a href="https://man.openbsd.org/lh_delete">lhash</a>
!       doall callback safe.
!     <li>Rewrote <a href="https://man.openbsd.org/BIO_dump">BIO_dump*(3)</a> internals
!       to be less bad.
      </ul>
!   <li>Documentation improvements
      <ul>
!     <li><code>ENGINE</code> documentation was updated to reflect reality.
!     <li>Made EVP API documentation more accurate and less incoherent. 
!     <li>Call out some shortcomings of the <code>EC_KEY_set_*</code> API explicitly.
      </ul>
!   <li>Testing and proactive security
      <ul>
!     <li>Bug fixes and simplifications in the Wycheproof tests.
      </ul>
!   <li>Compatibility changes
      <ul>
!     <li>Added ChaCha20 and chacha20 aliases for ChaCha.
!     <li><a href="https://man.openbsd.org/SSL_library_init">SSL_library_init(3)</a>
!       now has the same effect as OPENSSL_init_ssl().
!     <li><code>EVP_add_{cipher,digest}()</code> were removed. From the <code>OBJ_NAME</code> API,
!       only <a href="https://man.openbsd.org/OBJ_NAME_do_all">OBJ_NAME_do_all*()</a> remain.
!       In particular, it is no longer possible to add aliases for ciphers and digests.
!     <li>The thread unsafe global tables are no longer supported. It is no
!       longer possible to add aliases for ciphers and digests, custom ASN.1
!       strings table entries, ASN.1 methods, PKEY methods, digest methods,
!       CRL methods, purpose and trust identifiers, or X.509 extensions.
!     <li>Removed the _cb() and _fp() versions of
!       <a href="https://man.openbsd.org/BIO_dump">BIO_dump{,_indent}()</a>.
!     <li><code>BIO_set()</code> was removed.
!     <li><code>BIO_{sn,v,vsn}printf()</code> were removed.
!     <li>Turn the long dysfunctional
!       <a href="https://man.openbsd.org/openssl(1)">openssl(1)</a>
!       <code>s_client -pause</code> into a noop.
!     <li><a href="https://man.openbsd.org/openssl(1)">openssl(1)</a> <code>x509</code>
!      now supports <code>-new</code>, <code>-force_pubkey</code>, <code>-multivalue-rdn</code>,
!       <code>-set_issuer</code> <code>-set_subject</code>, and <code>-utf8</code>.
!     <li>Support ECDSA with SHA-3 signature algorithms.
!     <li>Support HMAC with truncated SHA-2 and SHA-3 as PBE PRF.
!     <li>GOST and STREEBOG support was removed.
!     <li><code>CRYPTO_THREADID</code>, <code>_LHASH</code>, <code>_STACK</code> and
!       <code>X509_PURPOSE</code> are now opaque, <code>X509_CERT_AUX</code> and
!       <code>X509_TRUST</code> were removed from the public API.
!     <li><a href="https://man.openbsd.org/ASN1_STRING_TABLE_get()">ASN1_STRING_TABLE_get(3)</a>
!       and <a href="https://man.openbsd.org/X509_PURPOSE_get0">X509_PURPOSE_get0*(3)</a> now
!       return const pointers.
!     <li><code>EVP_{CIPHER,MD}_CTX_init()</code>'s signatures and semantics now match
!       OpenSSL's behavior.
!     <li><code>sk_find_ex()</code> and <code>OBJ_bsearch_()</code> were removed.
!     <li><a href="https://man.openbsd.org/CRYPTO_malloc">CRYPTO_malloc(3)</a> was fixed to use
!       <code>size_t</code> argument.  <code>CRYPTO_malloc()</code>
!       and <code>CRYPTO_free()</code> now accept file and line arguments.
!     <li>A lot of decrepit CRYPTO memory API was removed.
      </ul>
    <li>Bug fixes
      <ul>
!     <li>Fixed aliasing issues in <code>BN_mod_exp_simple()</code> and <code>BN_mod_exp_recp()</code>.
!     <li>Fixed numerous misuses of
!       <a href="https://man.openbsd.org/X509_ALGOR_set0">X509_ALGOR_set0(3)</a>
!       resulting in leaks and potentially incorrect encodings.
!     <li>Fixed potential double free in
!       <a href="https://man.openbsd.org/X509v3_asid_add_id_or_range">X509v3_asid_add_id_or_range(3)</a>.
!     <li>Stopped using <code>ASN1_time_parse()</code> outside of libcrypto.
!     <li>Prepared <a href="https://man.openbsd.org/OPENSSL_gmtime">OPENSSL_gmtime(3)</a> and
!       <a href="https://man.openbsd.org/OPENSSL_timegm">OPENSSL_timegm(3)</a> as public API
!       wrappers of internal functions compatible with BoringSSL API.
!     <li>Removed <code>print_bin()</code> to avoid overwriting the stack with 5 bytes
!       of <code>&quot;&nbsp;&quot;</code> when ECPK parameters are printed with large
!       indentation.
!     <li>Avoid a <code>NULL</code> dereference after memory allocation failure during TLS
!       version downgrade.
!     <li>Fixed various bugs in CMAC internals.
!     <li>Fixed 4-byte overreads in GHASH assembly on amd64 and i386.
!     <li>Fixed various NULL dereferences in PKCS #12 code due to mishandling
!       of OPTIONAL content in PKCS #7 ContentInfo.
!     <li>Aligned <a href="https://man.openbsd.org/SSL_shutdown">SSL_shutdown(3)</a>
!       behavior in TLSv1.3 with the legacy stack.
!     <li>Fixed the new X.509 verifier to find trust anchors in the trusted
!       stack.
      </ul>
    </ul>