[openssl-commits] [openssl] OpenSSL_1_0_2f create

Matt Caswell matt at openssl.org
Thu Jan 28 14:42:21 UTC 2016

The annotated tag OpenSSL_1_0_2f has been created
        at  983d1b7f21942b1373f6b2854dee6d36eac97219 (tag)
   tagging  95605f3ae1ec8857e8cb612ce35805a3b0207d21 (commit)
  replaces  OpenSSL_1_0_2e
 tagged by  Matt Caswell
        on  Thu Jan 28 13:57:22 2016 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.0.2f release tag

Alessandro Ghedini (1):
      Validate ClientHello session_id field length and send alert on failure

Andy Polyakov (2):
      ec/ecp_nistz256_table.c: fix potential misalignment problem with Sun C.
      x86_64 assembly pack: tune clang version detection even further.

Billy Brumley (1):
      RT3863 ECC: Add missing NULL check. Set a flag

Daniel Kahn Gillmor (1):
      The functions take a SSL *, not a SSL_CTX *

David Benjamin (1):
      Fix memory leak in DSA redo case.

Dr Stephen Henson (1):
      Don't use applink for static builds.

Dr. Stephen Henson (2):
      Don't check RSA_FLAG_SIGN_VER.
      To avoid possible time_t overflow use X509_time_adj_ex()

Emilia Kasper (1):
      Fix a ** 0 mod 1 = 0 for real this time.

Kristian Amlie (1):
      Don't use "grep -q", "-q" is not POSIX, and fails on Solaris.

Kurt Roeckx (2):
      File is about s_time, not s_client
      Change minimum DH size from 768 to 1024

Matt Caswell (15):
      Prepare for 1.0.2f-dev
      Add a return value check
      Fix DTLS handshake fragment retries
      Ensure |rwstate| is set correctly on BIO_flush
      Fix URLs mangled by reformat
      Fix more URLs mangled by reformat
      Fix error when server does not send CertificateStatus message
      Ensure we don't call the OCSP callback if resuming a session
      Add some documentation for the OCSP callback functions
      Handle SSL_shutdown while in init more appropriately
      Prevent small subgroup attacks on DH/DHE
      Always generate DH keys for ephemeral DH cipher suites
      Add a test for small subgroup attacks on DH/DHE
      Update CHANGES and NEWS for release
      Prepare for 1.0.2f release

Mouse (6):
      Fixed a bug preventing pkeyutl from accessing keys directly on the token via engine_pkcs11
      Fixed crash (SIGSEGV) when freeing of ex_data stumbles upon a NULL-pointer.
      Remove unnecessary debugging fprintf
      Pass engine=NULL to EVP_PKEY_CTX_new(), unless "-engine_impl" was given
      Root cause discovered and fixed, this fix became unnecessary
      pkeyutl: allow peerkey for EC_DERIVE to reside on a hardware token (public key for now)

Prayag Verma (1):
      Update license year range to 2016

Rich Salz (4):
      Refer to website for acknowledgements.
      Provide better "make depend" warning.
      RT4202: Update rt URL's.
      GH issue 572: Error in help message

Richard Levitte (15):
      Small changes to creating dists
      In travis, build from a "source release" rather than from the build tree
      Do not add symlinks in the source release
      Change tar owner and group to just 0
      Cleanup the EVP_MD_CTX before exit rather than after
      Make it possible to affect the way dists are made
      Adapt the OS X build to use the OS X tar
      Not all 'find's know -xtype, use -type instead
      Fix tarball production to keep test/bctest and util/pod2mantest
      Remove the "eay" c-file-style indicators
      Have BIO_get_conn_int_port use BIO_ctrl instead BIO_int_ctrl
      Document how BIO_get_conn_ip and BIO_get_conn_int_port actually work
      Correct or add comments indicating what controls belong to what
      BIO_s_datagram() ctrl doesn't support SEEK/TELL, so don't pretend it does
      Fix BSD -rpath parameter

Uri Blumenthal (1):
      Changed help output

Viktor Dukhovni (3):
      Fix X509_STORE_CTX_cleanup()
      Empty SNI names are not valid
      Better SSLv2 cipher-suite enforcement

Zi Lin (1):
      NGX-2040 - fix wildcard match on punycode/IDNA DNS names

arijitnayak (1):
      Wrong definition of the macro SSL_set1_sigalgs in ssl.h


More information about the openssl-commits mailing list