[openssl-commits] [openssl] OpenSSL_1_0_2e create

Matt Caswell matt at openssl.org
Thu Dec 3 15:35:38 UTC 2015


The annotated tag OpenSSL_1_0_2e has been created
        at  d299bbd186a06e10ca1c8b12ecc24ee177a07126 (tag)
   tagging  bfe07df40c13ea2564bb4577620180e3f4849e23 (commit)
  replaces  OpenSSL_1_0_2d
 tagged by  Matt Caswell
        on  Thu Dec 3 14:44:31 2015 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.0.2e release tag

Adam Eijdenberg (1):
      Clarify return values for EVP_DigestVerifyFinal.

Alessandro Ghedini (15):
      GH371: Print debug info for ALPN extension
      GH354: Memory leak fixes
      Add initial Travis CI configuration
      Make BUF_strndup() read-safe on arbitrary inputs
      Validate ClientHello extension field length
      Fix travis 1.0.2 builds
      Do not treat 0 return value from BIO_get_fd() as error
      Replace malloc+strlcpy with strdup
      Fix memory leaks and other mistakes on errors
      Set salt length after the malloc has succeeded
      Fix typos
      Fix references to various RFCs
      Check memory allocation
      Remove useless code
      Add initial AppVeyor configuration

Andy Polyakov (10):
      modes/asm/ghash-armv4.pl: make it compile by clang. RT#3989
      aesni-sha256-x86_64.pl: fix crash on AMD Jaguar.
      bn/asm/s390x.S: improve performance on z196 and z13 by up to 26%. [even z10 is couple percent faster]. Triggered by RT#4128, but solves the problem by real modulo-scheduling.
      bn/asm/ppc64-mont.pl: adapt for little-endian.
      aes/asm/vpaes-ppc.pl: eliminate overhung stores in misaligned cases.
      Makefile.org: add LC_ALL=C to unify error [and other] messages.
      x86_64 assembly pack: tune clang version detection.
      crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris.
      perlasm/ppc-xlate.pl: comply with ABIs that specify vrsave as reserved.
      bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193).

Anton Blanchard (1):
      RT3990: Fix #include path.

Ben Kaduk (1):
      GH367 follow-up, for more clarity

David Brodski (1):
      Fixed problem with multiple load-unload of comp zlib

David Woodhouse (2):
      RT3998: fix X509_check_host.pod release to 1.0.2
      RT3479: Add UTF8 support to BIO_read_filename()

Dirk Wetter (1):
      GH336: Return an exit code if report fails

Dr. Stephen Henson (26):
      Sort @sstacklst correctly.
      correct example
      use X9.31 keygen by default in FIPS mode
      Err isn't always malloc failure.
      Fix memory leak if setup fails.
      Return error for unsupported modes.
      Documentation for SSL_check_chain()
      Update docs.
      Match SUITEB strings at start of cipher list.
      Use default field separator.
      Check for FIPS mode after loading config.
      Constify ECDSA_METHOD_new.
      Make SRP work with -www
      Handle SSL_ERROR_WANT_X509_LOOKUP
      SRP memory leak fix
      Link in applink with fips_premain_dso
      Don't try and parse boolean type.
      Typo.
      RFC5753 compliance.
      Fix self signed handling.
      Reject TLS 1.2 ciphersuites if not allowed.
      Limit depth of ASN1 parse printing.
      Fix uninitialised p error.
      Fix leak with ASN.1 combine.
      Add PSS parameter check.
      Add test for CVE-2015-3194

Emilia Kasper (14):
      rsaz_exp.h: align license with the rest of the contribution
      bntest: don't dereference the |d| array for a zero BIGNUM.
      BN_mod_exp_mont_consttime: check for zero modulus.
      RT 3493: fix RSA test
      RT4002: check for NULL cipher in p12_crpt.c
      Add missing CHANGES entry for 1.0.2
      RT3754: check for NULL pointer
      RT3757: base64 encoding bugs
      base64 decode: check for high bit
      BUF_strndup: tidy
      BUF_strdup and friends: update docs
      Document BUF_strnlen
      RT2772: accept empty SessionTicket
      make depend: prefer clang over makedepend

Ernie Hershey (1):
      GH322: Fix typo in generated comment.

GitHub User (1):
      Missing perldoc markup around < literal

Graeme Perrow (1):
      RT32671: wrong multiple errs TS_check_status_info

Gunnar Kudrjavets (1):
      RT3823: Improve the robustness of event logging

Guy Leaver (guleaver) (1):
      Fix seg fault with 0 p val in SKE

Hiroyuki YAMAMORI (2):
      Fix DTLS1.2 buffers
      Fix DTLS1.2 compression

Hubert Kario (1):
      GH351: -help text for some s_client/s_server flags

Ismo Puustinen (3):
      GH364: Free memory on an error path
      GH367: Fix dsa keygen for too-short seed
      GH367: use random data if seed too short.

Ivo Raisr (1):
      Make no-psk compile without warnings.

John Foley (1):
      Use memmove instead of memcpy.

Kurt Roeckx (6):
      d2i: don't update input pointer on failure
      Fix return values when adding serverinfo fails.
      Fix more d2i cases to properly update the input pointer
      Use defined(__sun) instead of defined(sun)
      Set reference count earlier
      Use both sun and __sun

Loganaden Velvindron (1):
      Clear BN-mont values when free'ing it.

Marcus Meissner (1):
      mark openssl configuration as loaded at end of OPENSSL_config

Markus Rinne (1):
      RT4019: Duplicate -hmac flag in dgst.pod

Martin Vejnar (1):
      RT3774: double-free in DSA

Matt Caswell (27):
      Prepare for 1.0.2e-dev
      Add test for SSL_set_session_ticket_ext
      Fix SSL_set_session_ticket_ext when used with SSLv23_method
      Fix write failure handling in DTLS1.2
      Fix warning when compiling with no-ec2m
      Check for 0 modulus in BN_MONT_CTX_set
      Fix missing return value checks in SCTP
      Fix "make test" seg fault with SCTP enabled
      Fix DTLS session ticket renewal
      Fix building with OPENSSL_NO_TLSEXT.
      Fix session resumption
      Make sure OPENSSL_cleanse checks for NULL
      Fix SRP memory leaks
      Change functions to pass in a limit rather than calculate it
      Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify
      Clarify the preferred way of creating patch files
      Minor EVP_SignInit_ex doc fix
      Ensure the dtls1_get_*_methods work with DTLS_ANY_VERSION
      Fix missing malloc return value checks
      Remove redundant check from tls1_get_curvelist
      Only call ssl3_init_finished_mac once for DTLS
      Stop DTLS servers asking for unsafe legacy renegotiation
      Ensure all EVP calls have their returns checked where appropriate
      Remove cookie validation return value trick
      Update CHANGES and NEWS
      make update
      Prepare for 1.0.2e release

Nicholas Cooper (1):
      RT3959: Fix misleading comment

Pascal Cuoq (5):
      Set flags to 0 before calling BN_with_flags()
      Properly check return type of DH_compute_key()
      Move BN_CTX_start() call so the error case can always call BN_CTX_end().
      BN_GF2m_mod_inv(): check bn_wexpand return value
      ssl3_free(): Return if it wasn't created

Peter Mosmans (1):
      RT3346: Fix test_bn regexp for Windows using MSYS.

Peter Waltenberg (1):
      Exit on error in ecparam

Rich Salz (19):
      Revert "Missing perldoc markup around < literal"
      Tweak README about rt and bug reporting.
      Various doc fixes from GH pull requests
      Fix 1.0.2 build break
      Move FAQ to the web.
      GH345: Remove stderr output
      GH372: Remove duplicate flags
      Remove the "times" directory.
      RT3767: openssl_button.gif should be PNG
      Remove bogus CHANGES entries
      RT4044: Remove .cvsignore files.
      RT4044: Remove .cvsignore files.
      This undoes GH367 for non-master
      GH398: Add mingw cross-compile, etc.
      Change --debug to -d for compat with old releases.
      Fix typo in previous merge.
      Various README and CONTRIBUTING updates
      Fix release in README
      Fix README version typo

Richard Levitte (14):
      Stop using tardy
      Set numeric IDs for tar as well
      Remove extra '; \' in apps/Makefile
      Small script to re-encode files that need it to UTF-8
      Conversion to UTF-8 where needed
      Add new types to indent.pro
      Add emacs CC mode style for OpenSSL
      Add an example .dir-locals.el
      Remove auto-fill-mode
      Ignore .dir-locals.el
      When ENGINE_add finds that id or name is missing, actually return
      Make the match for previous cflags a bit more strict
      _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead
      Add cleanup of *.s

Tim Zhang (1):
      Fix the comment for POINT_CONVERSION_UNCOMPRESSED

Viktor Dukhovni (5):
      GH correct organizationalUnitName
      Better handling of verify param id peername field
      Cleaner handling of "cnid" in do_x509_check
      Fix indentation
      Good hygiene with size_t output argument.

mancha (1):
      Fix author credit for e5c0bc6

mrpre (1):
      check bn_new return value

-----------------------------------------------------------------------


More information about the openssl-commits mailing list