[openssl-commits] [openssl] OpenSSL_1_0_1u create

Matt Caswell matt at openssl.org
Thu Sep 22 10:38:12 UTC 2016

The annotated tag OpenSSL_1_0_1u has been created
        at  1883c9e66f488b03bacf2fb634ae0cda438352b1 (tag)
   tagging  888759a1d38197f29de7227876c3b58fbff8549f (commit)
  replaces  OpenSSL_1_0_1t
 tagged by  Matt Caswell
        on  Thu Sep 22 11:30:27 2016 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.0.1u release tag
Version: GnuPG v1


Cesar Pereida (1):
      Fix DSA, preserve BN_FLG_CONSTTIME

David Woodhouse (1):
      Fix SSL_export_keying_material() for DTLS1_BAD_VER

Dmitry Belyavsky (1):
      Avoid KCI attack for GOST

Dr. Stephen Henson (29):
      add documentation
      Fix double free in d2i_PrivateKey().
      Fix name length limit check.
      Always try to set ASN.1 parameters for CMS.
      Use default ASN.1 for SEED.
      Only set CMS parameter when encrypting
      Tidy up PKCS12_newpass() fix memory leaks.
      Constify PKCS12_newpass()
      Only call FIPS_update, FIPS_final in FIPS mode.
      Update S/MIME certificates.
      Fix OOB read in TS_OBJ_print_bio().
      Check for overlows and error return from ASN1_object_size()
      Check for overflows in ASN1_object_size().
      include <limits.h>
      Calculate sequence length properly.
      Check for overflows in i2d_ASN1_SET()
      Limit recursion depth in old d2i_ASN1_bytes function
      Leak fixes.
      Sanity check input length in OPENSSL_uni2asc().
      Check for errors in a2d_ASN1_OBJECT()
      Check for errors in BN_bn2dec()
      Limit reads in do_b2i_bio()
      Sanity check ticket length.
      Avoid overflow in MDC2_Update()
      Fix small OOB reads.
      Remove unnecessary check.
      Use SSL3_HM_HEADER_LENGTH instead of 4.
      Make message buffer slightly larger than message.
      update default dependency options

Kazuki Yamaguchi (1):
      Fix overflow check in BN_bn2dec()

Kurt Roeckx (2):
      Return error when trying to print invalid ASN1 integer
      Fix off by 1 in ASN1_STRING_set()

Matt Caswell (16):
      Prepare for 1.0.1u-dev
      Check that the obtained public key is valid
      Fix error return value in SRP functions
      Avoid some undefined pointer arithmetic
      More fix DSA, preserve BN_FLG_CONSTTIME
      Change usage of RAND_pseudo_bytes to RAND_bytes
      Convert memset calls to OPENSSL_cleanse
      Fix DTLS unprocessed records bug
      Fix DTLS replay protection
      Update function error code
      Fix DTLS buffered message DoS attack
      Prevent DTLS Finished message injection
      Fix OCSP Status Request extension unbounded memory growth
      Updates CHANGES and NEWS for new release
      Prepare for 1.0.1u release

Rich Salz (3):
      Recommend GH over RT, per team vote.
      RT3940: For now, just document the issue.
      SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM

Richard Levitte (4):
      Check that the subject name in a proxy cert complies to RFC 3820
      Fix proxy certificate pathlength verification
      Allow proxy certs to be present when verifying a chain
      make update to have PEM_R_HEADER_TOO_LONG defined

Viktor Dukhovni (2):
      Clarify negative return from X509_verify_cert()
      Ensure verify error is set when X509_verify_cert() fails


More information about the openssl-commits mailing list