[openssl-commits] [openssl] OpenSSL_1_0_2m create

Matt Caswell matt at openssl.org
Thu Nov 2 14:58:35 UTC 2017


The annotated tag OpenSSL_1_0_2m has been created
        at  17bcfd50a31dc09980342748085ac388ed1dbd06 (tag)
   tagging  8b1549a153a62e9878327d05aa3b6622b416ec10 (commit)
  replaces  OpenSSL_1_0_2l
 tagged by  Matt Caswell
        on  Thu Nov 2 14:33:44 2017 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.0.2m release tag
-----BEGIN PGP SIGNATURE-----

iQEuBAABCAAYBQJZ+yzIERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRtR8H
/3yczpoF8hr/pZIvB3G2lDZaGAqxZe57wh5fG2xIp4K9/D4TxEWf+kEh9Fkc/yep
EAPeA7ZPQaELCcBfmupPp2qwARw9014E9ZXLF5MmsVBeYS5oRxtEcnf7WILwTx56
XKOmZjz41s+JiSqhJfvi+FZNK//GNfaieg3GYoJHA/sPt7cPYjg+DzNo5vJOcFgM
yfHJIu2CUxwdkzo3N3F6L95Qt3r8/n7+huSOkWmhWd6Q8+A6V9qB2rkw2DDs/+M1
GkPklapPj17C/pGtCIUP9sdUxI0E46VbpQ6fgBr0K4JOTjCmajLMuMvsKWt4gqdA
d9g9mO1ARQL/STK9zoeGiIE=
=Ho7t
-----END PGP SIGNATURE-----

Andy Polyakov (5):
      ec/asm/ecp_nistz256-x86_64.pl: minor sqr_montx cleanup.
      evp/e_aes_cbc_hmac_sha256.c: give SHAEXT right priority.
      x86_64 assembly pack: "optimize" for Knights Landing.
      err/err.c: fix "wraparound" bug in ERR_set_error_data.
      bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.

Benjamin Kaduk (2):
      Remove stale note from s_server.pod
      Remove inadvertently commited test binaries

Bernd Edlinger (15):
      Fix a possible crash in the error handling.
      Remove the fallback from ERR_get_state because the     return value is now checked at the callers.
      Fix possible crash in X931 code.
      Fix a possible crash in dsa_builtin_paramgen2.
      Remove a pointless "#if 0" block from BN_mul.
      Fix a memory leak in ecdh/ecdsa_check.
      Fix a memleak in ec_GFp_mont_group_set_curve.
      Fix a memleak in X509_PKEY_new.     Fixes #3349
      Backport of 5b8fa43 and remove resolved TODO: see PR#3924.     Make RSA key exchange code actually constant-time.
      Clean password buffer on stack for PEM_read_bio_PrivateKey     and d2i_PKCS8PrivateKey_bio before it goes out of scope.
      Fix an information leak in the RSA padding check code.     The memory blocks contain secret data and must be     cleared before returning to the system heap.
      Add a missing CRYPTO_w_unlock in get_cert_by_subject
      Avoid surpising password dialog in X509 file lookup.
      Clear outputs in PKCS12_parse error handling.
      Fix the return type of felem_is_zero_int which should be int.     Change argument type of xxxelem_is_zero_int to const void*     to avoid the need of type casts.

David Benjamin (3):
      Fix comment typo.
      Fix overflow in c2i_ASN1_BIT_STRING.
      Fix weak digest in TLS 1.2 with SNI.

David von Oheimb (1):
      Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL (backport)

Diego Santa Cruz (1):
      Fix srp app missing NULL termination with password callback

Dr. Stephen Henson (6):
      Fix RSA-PSS in FIPS mode by switching digest implementations.
      Set FIPS thread id callback.
      Correct GCM docs.
      EVP_PKEY_METHOD accessor functions.
      update ordinals
      Fix backport by moving file.

Emilia Kasper (1):
      RSA_padding_check_PKCS1_type_2 is not constant time.

Hubert Kario (2):
      doc: BN_free() is NULL-safe
      doc: note that the BN_new() initialises the BIGNUM

Jonathan Protzenko (1):
      Fix speed command for alternation of ciphers and digests.

Matt Caswell (13):
      Prepare for 1.0.2m-dev
      Document that HMAC() with a NULL md is not thread safe
      Send a protocol version alert
      Add documentation for the SSL_export_keying_material() function
      Fix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c
      Remove some dead code
      Remove an out of date reference to RT
      Ensure we test all parameters for BN_FLG_CONSTTIME
      Don't make any changes to the lhash structure if we are going to fail
      Don't use strcasecmp and strncasecmp for IA5 strings
      Update CHANGES and NEWS for new release
      make update
      Prepare for 1.0.2m release

Paul Yang (4):
      Fix possible usage of NULL pointers in apps/spkac.c
      Backport X509_check_private_key.pod
      Fix a reference nit in doc
      Document missing EVP_PKEY_method_* items

Pauli (3):
      Use casts for arguments to ctype functions.
      Address a timing side channel whereby it is possible to determine some
      Address a timing side channel whereby it is possible to determine some

Rich Salz (12):
      Add text pointing to full change list.
      Document default client -psk_identity
      Fix a read off the end of the input buffer
      Remove needless type casting.
      Add echo for each build phase
      Add NOTTOOLONG macro for more clear code.
      Tweak wording to be more clear.
      Fix cherry-pick; move file.
      Avoid out-of-bounds read
      Fix error handling/cleanup
      Don't use colortable; avoid Win32 overwrite
      Additional name for all commands

Richard Levitte (10):
      tsget: remove call of WWW::Curl::Easy::global_cleanup
      Fix small UI issues
      Undo one UI fix
      Avoid possible memleak in X509_policy_check()
      Fix apps/s_client.c's XMPP client
      Fix 'no-cms'
      Make sure that a cert with extensions gets version number 2 (v3)
      asn1_item_embed_new(): don't free an embedded item
      asn1_item_embed_new(): don't free an embedded item
      Use malloc/memset not calloc for WinCE portability

Samuel Weiser (3):
      Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q.
      BN_copy now propagates BN_FLG_CONSTTIME
      Added const-time flag to DSA key decoding to avoid potential leak of privkey

Simon Richter (1):
      Fix installation on VC-WIN32 with nmake

Todd Short (2):
      Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION (1.0.2)
      Fix ex_data memory leak

Xiangyu Bu (1):
      Fix memory leak in GENERAL_NAME_set0_othername.

Xiaoyin Liu (2):
      schlock global variable needs to be volatile
      Add missing HTML tag in www_body in s_server.c

multics (1):
      Update rsautl.pod for typo

simon-p-r (1):
      fix copy and copy-if-different whitespace problem

-----------------------------------------------------------------------


More information about the openssl-commits mailing list