[openssl-commits] [openssl] OpenSSL_1_0_2m create
Matt Caswell
matt at openssl.org
Thu Nov 2 14:58:35 UTC 2017
The annotated tag OpenSSL_1_0_2m has been created
at 17bcfd50a31dc09980342748085ac388ed1dbd06 (tag)
tagging 8b1549a153a62e9878327d05aa3b6622b416ec10 (commit)
replaces OpenSSL_1_0_2l
tagged by Matt Caswell
on Thu Nov 2 14:33:44 2017 +0000
- Log -----------------------------------------------------------------
OpenSSL 1.0.2m release tag
-----BEGIN PGP SIGNATURE-----
iQEuBAABCAAYBQJZ+yzIERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRtR8H
/3yczpoF8hr/pZIvB3G2lDZaGAqxZe57wh5fG2xIp4K9/D4TxEWf+kEh9Fkc/yep
EAPeA7ZPQaELCcBfmupPp2qwARw9014E9ZXLF5MmsVBeYS5oRxtEcnf7WILwTx56
XKOmZjz41s+JiSqhJfvi+FZNK//GNfaieg3GYoJHA/sPt7cPYjg+DzNo5vJOcFgM
yfHJIu2CUxwdkzo3N3F6L95Qt3r8/n7+huSOkWmhWd6Q8+A6V9qB2rkw2DDs/+M1
GkPklapPj17C/pGtCIUP9sdUxI0E46VbpQ6fgBr0K4JOTjCmajLMuMvsKWt4gqdA
d9g9mO1ARQL/STK9zoeGiIE=
=Ho7t
-----END PGP SIGNATURE-----
Andy Polyakov (5):
ec/asm/ecp_nistz256-x86_64.pl: minor sqr_montx cleanup.
evp/e_aes_cbc_hmac_sha256.c: give SHAEXT right priority.
x86_64 assembly pack: "optimize" for Knights Landing.
err/err.c: fix "wraparound" bug in ERR_set_error_data.
bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
Benjamin Kaduk (2):
Remove stale note from s_server.pod
Remove inadvertently commited test binaries
Bernd Edlinger (15):
Fix a possible crash in the error handling.
Remove the fallback from ERR_get_state because the return value is now checked at the callers.
Fix possible crash in X931 code.
Fix a possible crash in dsa_builtin_paramgen2.
Remove a pointless "#if 0" block from BN_mul.
Fix a memory leak in ecdh/ecdsa_check.
Fix a memleak in ec_GFp_mont_group_set_curve.
Fix a memleak in X509_PKEY_new. Fixes #3349
Backport of 5b8fa43 and remove resolved TODO: see PR#3924. Make RSA key exchange code actually constant-time.
Clean password buffer on stack for PEM_read_bio_PrivateKey and d2i_PKCS8PrivateKey_bio before it goes out of scope.
Fix an information leak in the RSA padding check code. The memory blocks contain secret data and must be cleared before returning to the system heap.
Add a missing CRYPTO_w_unlock in get_cert_by_subject
Avoid surpising password dialog in X509 file lookup.
Clear outputs in PKCS12_parse error handling.
Fix the return type of felem_is_zero_int which should be int. Change argument type of xxxelem_is_zero_int to const void* to avoid the need of type casts.
David Benjamin (3):
Fix comment typo.
Fix overflow in c2i_ASN1_BIT_STRING.
Fix weak digest in TLS 1.2 with SNI.
David von Oheimb (1):
Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL (backport)
Diego Santa Cruz (1):
Fix srp app missing NULL termination with password callback
Dr. Stephen Henson (6):
Fix RSA-PSS in FIPS mode by switching digest implementations.
Set FIPS thread id callback.
Correct GCM docs.
EVP_PKEY_METHOD accessor functions.
update ordinals
Fix backport by moving file.
Emilia Kasper (1):
RSA_padding_check_PKCS1_type_2 is not constant time.
Hubert Kario (2):
doc: BN_free() is NULL-safe
doc: note that the BN_new() initialises the BIGNUM
Jonathan Protzenko (1):
Fix speed command for alternation of ciphers and digests.
Matt Caswell (13):
Prepare for 1.0.2m-dev
Document that HMAC() with a NULL md is not thread safe
Send a protocol version alert
Add documentation for the SSL_export_keying_material() function
Fix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c
Remove some dead code
Remove an out of date reference to RT
Ensure we test all parameters for BN_FLG_CONSTTIME
Don't make any changes to the lhash structure if we are going to fail
Don't use strcasecmp and strncasecmp for IA5 strings
Update CHANGES and NEWS for new release
make update
Prepare for 1.0.2m release
Paul Yang (4):
Fix possible usage of NULL pointers in apps/spkac.c
Backport X509_check_private_key.pod
Fix a reference nit in doc
Document missing EVP_PKEY_method_* items
Pauli (3):
Use casts for arguments to ctype functions.
Address a timing side channel whereby it is possible to determine some
Address a timing side channel whereby it is possible to determine some
Rich Salz (12):
Add text pointing to full change list.
Document default client -psk_identity
Fix a read off the end of the input buffer
Remove needless type casting.
Add echo for each build phase
Add NOTTOOLONG macro for more clear code.
Tweak wording to be more clear.
Fix cherry-pick; move file.
Avoid out-of-bounds read
Fix error handling/cleanup
Don't use colortable; avoid Win32 overwrite
Additional name for all commands
Richard Levitte (10):
tsget: remove call of WWW::Curl::Easy::global_cleanup
Fix small UI issues
Undo one UI fix
Avoid possible memleak in X509_policy_check()
Fix apps/s_client.c's XMPP client
Fix 'no-cms'
Make sure that a cert with extensions gets version number 2 (v3)
asn1_item_embed_new(): don't free an embedded item
asn1_item_embed_new(): don't free an embedded item
Use malloc/memset not calloc for WinCE portability
Samuel Weiser (3):
Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q.
BN_copy now propagates BN_FLG_CONSTTIME
Added const-time flag to DSA key decoding to avoid potential leak of privkey
Simon Richter (1):
Fix installation on VC-WIN32 with nmake
Todd Short (2):
Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION (1.0.2)
Fix ex_data memory leak
Xiangyu Bu (1):
Fix memory leak in GENERAL_NAME_set0_othername.
Xiaoyin Liu (2):
schlock global variable needs to be volatile
Add missing HTML tag in www_body in s_server.c
multics (1):
Update rsautl.pod for typo
simon-p-r (1):
fix copy and copy-if-different whitespace problem
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list