[openssl-commits] [openssl] OpenSSL_1_0_2a create

Matt Caswell matt at openssl.org
Thu Mar 19 14:06:58 UTC 2015


The annotated tag OpenSSL_1_0_2a has been created
        at  ab2de707f72a82e0294bae08cca97455b635a656 (tag)
   tagging  3df69d3aefde7671053d4e3c242b228e5d79c83f (commit)
  replaces  OpenSSL_1_0_2
 tagged by  Matt Caswell
        on  Thu Mar 19 13:31:16 2015 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.0.2a release tag

Andy Polyakov (9):
      modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure     on affected platforms (PowerPC and AArch64).
      cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].
      Harmonize objects.pl output with new format.
      Bring objects.pl output even closer to new format.
      objects/obj_xref.h: revert reformat.
      sha/asm/sha1-586.pl: fix typo.
      Fix crash in SPARC T4 XTS.
      evp/e_aes.c: fix SPARC T4-specific problem:
      Avoid reading an unused byte after the buffer

Carl Jackson (1):
      Fix regression in ASN1_UTCTIME_cmp_time_t

David Woodhouse (1):
      Wrong SSL version in DTLS1_BAD_VER ClientHello

Dmitry-Me (1):
      Fix wrong numbers being passed as string lengths

Doug Hogan (1):
      Avoid a double-free in an error path.

Dr. Stephen Henson (20):
      FIPS build fixes.
      Check PKCS#8 pkey field is valid before cleansing.
      Preliminary ASN1_TIME documentation.
      Make objxref.pl output in correct format
      Fix memory leak reporting.
      typo
      Document -no_explicit
      Fix format script.
      Check public key is not NULL.
      Additional CMS documentation.
      Cleanse PKCS#8 private key components.
      fix warning
      update ordinals
      ASN.1 print fix.
      additional configuration documentation
      Add support for ServerInfo SSL_CONF option.
      Free up ADB and CHOICE if already initialised.
      Reject invalid PSS parameters.
      Fix for CVE-2015-0291
      Fix ASN1_TYPE_cmp

Edgar Pek (1):
      Fix null-pointer dereference

Emilia Kasper (5):
      Fix hostname validation in the command-line tool to honour negative return values.
      Harmonize return values in dtls1_buffer_record
      Fix undefined behaviour in shifts.
      PKCS#7: avoid NULL pointer dereferences with missing content
      Fix reachable assert in SSLv2 servers.

Eric Dequin (1):
      Missing OPENSSL_free on error path.

Graeme Perrow (1):
      RT3670: Check return from BUF_MEM_grow_clean

Kurt Cancemi (1):
      Use constants not numbers

Kurt Roeckx (3):
      Fix segfault with empty fields as last in the config.
      Fix memory leak
      Remove export ciphers from the DEFAULT cipher list

Matt Caswell (49):
      Prepare for 1.0.2a-dev
      Make DTLS always act as if read_ahead is set. The actual value of read_ahead     is ignored for DTLS.
      Remove explicit setting of read_ahead for DTLS. It never makes sense not to     use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs     to be the default.
      Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead     functions.
      Fix error handling in ssltest
      Import evp_test.c from BoringSSL. Unfortunately we already have a file     called evp_test.c, so I have called this one evp_extra_test.c
      Fix a failure to NULL a pointer freed on error.
      Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
      Add dire warnings about the "reuse" capability of the d2i_* functions.
      Remove pointless free, and use preferred way of calling d2i_* functions
      Fix some minor documentation issues
      Update the SHA* documentation     Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note     the restriction on setting md to NULL with regards to thread safety.
      Fix evp_extra_test.c with no-ec     When OpenSSL is configured with no-ec, then the new evp_extra_test fails to     pass. This change adds appropriate OPENSSL_NO_EC guards around the code.
      Fix missing return value checks.
      Fixed missing return value checks.
      Fix d2i_SSL_SESSION for DTLS1_BAD_VER
      Unchecked malloc fixes
      Update mkerr.pl for new format
      Fix DTLS1_BAD_VER regression
      Prevent handshake with unseeded PRNG
      Cleanse buffers
      Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
      Fix error handling in bn_exp
      Fix EVP_DigestInit_ex with NULL digest
      ASN1_primitive_new NULL param handling
      Fix asn1_item_print_ctx
      Fix dh_pub_encode
      Fix dsa_pub_encode
      Fix missing return checks in v3_cpols.c
      SSL_check_chain fix
      Add malloc failure checks
      Move malloc fail checks closer to malloc
      Fix memset call in stack.c
      Add sanity check to PRF
      Fix seg fault in s_time
      Remove dead code from crypto
      Dead code removal from apps
      Multiblock corrupted pointer fix
      Fix Seg fault in DTLSv1_listen
      Fix DHE Null CKE vulnerability
      Remove overlapping CHANGES/NEWS entries
      Fix CHANGES discrepancies
      Fix discrepancy in NEWS file
      Update CHANGES for release
      Update NEWS file
      Fix a failure to NULL a pointer freed on error.
      Fix unsigned/signed warnings
      make update
      Prepare for 1.0.2a release

Rainer Jung (1):
      Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using     the extract-names.pl script.

Rich Salz (5):
      Make OPENSSL_config truly ignore errors.
      Remove unused eng_rsax and related asm file
      Remove obsolete support for old code.
      Fixed bad formatting in crypto/des/spr.h
      RT3684: rand_egd needs stddef.h

Richard Godbee (1):
      BIO_debug_callback: Fix output on 64-bit machines

Richard Levitte (5):
      dso_vms needs to add the .EXE extension if there is none already
      VMS exit codes weren't handled well enough and were unclear
      Transfer a fix from 1.0.1
      Assume TERMIOS is default, remove TERMIO on all Linux.
      Restore -DTERMIO/-DTERMIOS on Windows platforms.

-----------------------------------------------------------------------


More information about the openssl-commits mailing list