[openssl-commits] [openssl] OpenSSL_1_0_2l create

Matt Caswell matt at openssl.org
Thu May 25 13:11:47 UTC 2017

The annotated tag OpenSSL_1_0_2l has been created
        at  989e5ca931f9f1e1c58495243111e518f0cfbb15 (tag)
   tagging  b3a3bab05ce32964ee32cbfe97cbe3edee5cf4a9 (commit)
  replaces  OpenSSL_1_0_2k
 tagged by  Matt Caswell
        on  Thu May 25 13:55:36 2017 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.0.2l release tag


Adrian Vollmer (1):
      Adjust the default value of the private key size

Alex Gaynor (1):
      Annotate ASN.1 attributes of the jurisdictionCountryName NID

Andy Polyakov (9):
      bio/bss_file.c: since VS2015 one can't tell apart own and "alien" FILE     pointers, except for minimal std[in|out|err].
      .travis.yml: remove osx from build matrix.
      crypto/x86_64cpuid.pl: move extended feature detection upwards.
      crypto/x86*cpuid.pl: move extended feature detection.
      aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
      bn/asm/sparcv9-mont.pl: fix squaring code path.
      aes/asm/bsaes-armv7.pl: relax stack alignment requirement.
      crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X.
      perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.

Bernd Edlinger (28):
      Fix a crash with malformed user notice policy numbers
      Combined patch for the more or less obvious issues
      Fix a crash in EVP_CIPHER_CTX_cleanup due to cipher_data may be NULL     or EVP_CTRL_INIT/EVP_CTRL_COPY was not called or failed.     - if that happens set cipher = NULL.
      aes_gcm_cleanup() should check that gctx != NULL before     calling OPENSSL_cleanse()
      Fix the crash due to inconsistent enc_write_ctx     - add error handling in ssl3_generate_key_block and ssl3_change_cipher_state
      Fix issue #2113:     - enable ssl3_init_finished_mac to return an error     - don't continue the SSL state machine if that happens     in ssl3_connect:     - if ssl3_setup_buffer fails also set state to SSL_ST_ERR for consistency
      Fix some realloc error handling issues.
      Fix possible memory leak in cryptodev_digest_update.
      Add a make distclean rule in the OpenSSL_1_0_2 branch
      Cleanup *.S files.
      Fix a slightly confusing if condition in a2i_ASN1_ENUMERATED.
      Fix a slightly confusing if condition in a2i_ASN1_INTEGER.
      Fix a few memleaks in TXT_DB.
      Fix some more memory leaks with TXT_DB_insert.
      Add some more consistency checks in tls_decrypt_ticket.
      Add -Wundef to --strict-warnings options. Fix some warnings.
      Restore the test coverage of COMP_rle and SSL_COMP_add_compression_method
      Add missing usage hints how to generate primes.
      Fix build problem with current 1.0.2 branch.
      Avoid questionable use of the value of a pointer
      Fix a memory leak in X509_STORE_add_cert/crl error handling.
      Fix a crash or unbounded allocation in RSA_padding_add_PKCS1_PSS_mgf1     and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512.
      Fixed a crash in print_notice.
      Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.
      Fixed a gcc-7-strict-warnings issue.
      Fix the error handling in CRYPTO_dup_ex_data.
      Remove unnecessary loop in pkey_rsa_decrypt.
      Ignore -rle and -comp when compiled with OPENSSL_NO_COMP.     Fixes make test when configured with no-comp.

Camille Guérin (1):
      Fixed typo in X509_STORE_CTX_new description

Darren Tucker (1):
      DES keys are not 7 days long.

David Benjamin (2):
      Don't read uninitialised data for short session IDs.
      Numbers greater than 1 are usually non-negative.

Dmitry Belyavskiy (1):
      Fix memory leak in pkcs12 -export

Dr. Stephen Henson (1):
      Use correct signature algorithm list when sending or checking.

FdaSilvaYY (1):
      Fix a few typos

Guido Vranken (1):
      Remove obsolete comment

Jon Spillett (2):
      Add documentation for SNI APIs
      Fix for #2730. Add CRLDP extension to list of supported extensions

Kurt Roeckx (3):
      Avoid signed overflow
      Cast to an unsigned type before negating
      Fix VC warnings about unary minus to an unsigned type.

Matt Caswell (16):
      Prepare for 1.0.2l-dev
      Suppress an "uknown option" warning when using no-dtls1 on Windows
      Fix some RSA documentation
      Fix out-of-memory condition in conf
      Fix DTLSv1_listen() sequence numbers
      Avoid a mem leak on error
      Fix error paths in ASN1_TIME_to_generalizedtime
      Fix BAD CCS alert in DTLS
      Free the compression methods in s_server and s_client
      Add missing macros for DHxparams
      Ensure dhparams can handle X9.42 params in DER
      Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
      Copy custom extension flags in a call to SSL_set_SSL_CTX()
      Update CHANGES and NEWS for new release
      make update
      Prepare for 1.0.2l release

Matt Hauck (1):
      Fix statically linked engine initialization w/ fips

Pauli (7):
      Increase the size of the stack buffer to prevent an overflow.
      Update the cipher(1) documentation to
      Remove doc reference to non-existant GCM example
      Limit the output of the enc -ciphers command
      Make the output of enc -ciphers identical
      Use the callbacks from the SSL object instead of the SSL_CTX object
      Remove dead code.

Rich Salz (10):
      If BIO_snprintf failed, keep trying.
      Prevent OOB in SRP base64 code.
      Iterate over EC_GROUP's poly array in a safe way
      Backport OSSL_NELEM
      Update year, wording tweak
      Additional check to handle BAD SSL_write retry
      check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD
      Check fflush on BIO_ctrl call
      Fix URL links in comment
      RT2867: des_ede3_cfb1 ignored "size in bits" flag

Richard Levitte (16):
      Don't use the ! command
      Allow parallell make in Configure
      Have the directory reader use the Unix API on VMS
      Fix typo, missing ||
      Fix typo, should be && rather than &
      Fix crypto/bn/bn_prime.pl to generate correctly formatted bn_prime.h
      Fix apps/progs.pl to generate correctly formatted progs.h
      make update
      Fix UI_get0_action_string()
      Revert "Use the callbacks from the SSL object instead of the SSL_CTX object"
      Recognise mingw64 in config script
      Document in CHANGES that config now recognises 64-bit mingw
      Better way to recognise mingw64 in config script
      Fix decoding of ASN.1 LONG and ZLONG items
      Guard last few debugging printfs in libssl
      Remove notification settings from appveyor.yml

Roberto Guimaraes (1):
      Prevent undefined behavior in memcpy call.

Steven Collison (2):
      doc: Add missing options in s_{server,client}
      doc: Add stitched ciphers to EVP_EncryptInit.pod

Todd Short (3):
      Fix session ticket and SNI
      Fix potential memory leak in ASN1_TIME_to_generalizedtime()
      Fix time offset calculation.

Tomas Mraz (1):
      Fix regression in openssl req -x509 behaviour.

Yuchi (1):
      mem leak on error path and error propagation fix

junfx (1):
      pkeyutl exit with 0 if the verification succeeded


More information about the openssl-commits mailing list