[openssl-commits] [openssl] OpenSSL_1_1_0h create
Matt Caswell
matt at openssl.org
Tue Mar 27 14:06:27 UTC 2018
The annotated tag OpenSSL_1_1_0h has been created
at 09deb2c8c8b843c3a5b28c5c7ee021bb0487c6f9 (tag)
tagging d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 (commit)
replaces OpenSSL_1_1_0g
tagged by Matt Caswell
on Tue Mar 27 14:50:36 2018 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.1.0h release tag
-----BEGIN PGP SIGNATURE-----
iQEuBAABCAAYBQJaukwsERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESR/OEH
+wc9X6juNCIN1lz+k0ot/iE4ZihHzbYobC6Et8PxUsmDUgA1oyL5ivvhHoq+bgGr
rVv5Qs28YVbltEboONOl+6Sjlj/HsPHZcdQsuF1thREZUwnyN3ZiU72+C/KgsDop
ZtgNbYm3XWXZjTi0w3ZRupUGNGy/CmqgvVXcFz3MRYArphZzWNDR+HQ8IJjx6AyN
64nigsv4gkdm1uCxgECt90vmtFK/QCVjFQ4V5QoA3QnMAvWuyUiKWH3D+17d6wu5
balkRq/Jx8+s1iCXN6kwUKAEpRossTiMfAPkvPqYISXVtDeuf4OZgYi2U7BoXdEP
prJuDc+TJ/KdSoVQ9ryQcS4=
=T1WG
-----END PGP SIGNATURE-----
Alex Gaynor (1):
Fixed a typo in a man page
Andy Polyakov (14):
aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with binutils-2.29.
rc4/build.info: fix HP-UX rc4-ia64 rule.
Configurations/unix-Makefile.tmpl: fix HP-UX build.
util/copy.pl: work around glob quirk in some of earlier 5.1x Perl versions.
asn1/a_strex.c: fix flags truncation in do_esc_char.
bn/bn_add.c: address performance regression.
bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.
ec/ecp_nistp*.c: sanitize for undefined/implmentation-specific behaviour.
test/recipes/80-test_pkcs12.t: handle lack of Win32::API.
mem_sec.c: relax POSIX requirement.
mem_sec.c: portability fixup.
Configurations/10-main.conf: add -fno-common back to darwin-ppc-cc.
Configurations/unix-Makefile.tmpl: overhaul assembler make rules.
pariscid.pl: fix nasty typo in CRYPTO_memcmp.
Ben Kaduk (2):
make update
Fix more OCSP_resp_get0_signer() nits
Benjamin Kaduk (7):
Fix typo in comment
Add an API to get the signer of an OCSP response
Add OCSP API test executable
Fix coverity-reported errors in ocspapitest
Wrap more of ocspapitest.c in OPENSSL_NO_OCSP
Fix strict-warnings build on FreeBSD
Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER
Bernd Edlinger (24):
Remove test-runs dir
Fix a gcc fallthru warning
Fix invalid function type casts. Rename bio_info_cb to BIO_info_cb.
Stop using unimplemented cipher classes. Add comments to no longer usable ciphers.
Catch SIGPIPE in TLSProxy::Proxy::clientstart
Explicitly shut the socket down in s_client
Use constant value 1 instead of SHUT_WR in do_server
Set OPENSSL_ENGINES for Windows
Add a configure option to opt-out secure memory
Fix setting of IPV6_V6ONLY on Windows
Make the s_server command listen on IPv6 only when requested
Fix some style nits in commit eee8a40
Swap the check in ssl3_write_pending to avoid using the possibly indeterminate pointer value in wpend_buf.
Remove code that prints "<SPACES/NULS>" in hexdumps when the data block ends with SPACEs or NULs.
Fix some bugs with the cfb1 bitsize handling
Fix a possible memory leak in engine_table_register
Fix error handling in b2i_dss and b2i_rsa
Fix a memory leak in n_ssl3_mac
Fix a memory leak in tls1_mac
Cleanup the s_time command.
Handle partial messages in TLSProxy
Fix ecparam -genkey with point compression or DER outform
Fix dsaparam -genkey with DER outform
Previously this x509 command line was working, restore that
Brad Spencer (1):
Test the result of CMS_RecipientInfo_ktri_get0_algs() before using its output in rsa_cms_encrypt().
Christian Heimes (1):
Fix signature of min/max proto getter
Daniel Bevenius (3):
Correct minor typo in ssl_locl.h comment
Make BIO_METHOD struct definitions consistent
Add comments to NULL func ptrs in bio_method_st
David Benjamin (5):
Pretty-print large INTEGERs and ENUMERATEDs in hex.
Make BN_num_bits_word constant-time.
Don't leak the exponent bit width in BN_mod_exp_mont_consttime.
Fix timing leak in BN_from_montgomery_word.
Always use adr with __thumb2__.
David von Oheimb (1):
Various small build improvements on mkdef.pl, progs.pl
Dr. Matthias St. Pierre (3):
bio_b64.c: prevent base64 filter BIO from decoding out-of-bound data
d2i_X509.pod: clarify usage of the 'pp' function parameter
BIO_s_mem.pod: fix indirection for out parameter **pp
FdaSilvaYY (5):
Spelling doc #3580 Duplicated tests descriptions
Fix possible leaks on sk_X509_EXTENSION_push() failure ...
Fix docs for EVP_EncryptUpdate and EVP_DecryptUpdate
Fix an incoherent test.
Useless conf != NULL test
Ivan Filenko (1):
Fix typo in ASN1_STRING_length doc
Johannes Bauer (1):
Make pkeyutl a bit more user-friendly
Konstantin Shemyak (1):
Corrected 'cms' exit status when key or certificate cannot be opened
Kurt Roeckx (1):
Fix propotype to include the const qualifier
Long Qin (1):
lhash.c: Replace Unicode EN DASH with the ASCII char '-'.
Markus Sauermann (1):
Adjusted Argument Indices CLA: trivial
Massimiliano Pala (1):
Add X509_get0_authority_key_id() function
Matt Caswell (37):
Prepare for 1.1.0h-dev
Remove 4 broken macros from ocsp.h
Fix race condition in TLSProxy
Mark a zero length record as read
Add a test for CVE-2017-3737
Update CHANGES and NEWS for the new release
Fix the buffer sizing in the fatalerrtest
Fix a switch statement fallthrough
Tolerate DTLS alerts with an incorrect version number
Revert BN_copy() flag copy semantics change
Extend timeout for TLSProxy
Don't allow an empty Subject when creating a Certificate
Don't crash on a missing Subject in index.txt
Don't attempt to use X25519 for ECDSA in speed
Make sure we check an incoming reneg ClientHello in DTLS
Add the SSL_OP_NO_RENEGOTIATION option to 1.1.0
Update CHANGES with info about SSL_OP_NO_RENGOTIATION
Don't calculate the Finished MAC twice
Copy dlls into fuzz directory
The function X509_gmtime_adj() can fail
Check the return code from ASN1_TIME_diff()
Sanity check the ticket length before using key name/IV
Improve error handling in pk7_doit
Free the correct type in OBJ_add_object()
Revert "Don't crash on a missing Subject in index.txt"
Revert "Don't allow an empty Subject when creating a Certificate"
Report a readable error on a duplicate cert in ca app
Allow multiple entries without a Subject even if unique_subject == yes
Fix a memory leak in the ca application
Check for alerts while waiting for a dry event
Don't wait for dry at the end of a handshake
The default conv_form is uncompressed
Limit ASN.1 constructed types recursive definition depth
Add fuzz corpora file that found the ASN.1 stack depth issue
Update CHANGES and NEWS for the new release
Update copyright year
Prepare for 1.1.0h release
MerQGh (1):
Update eng_fat.c
Michael Richardson (1):
Add OPENSSL_VERSION_AT_LEAST
Patrick Schlangen (1):
Make data argument const in SSL_dane_tlsa_add
Patrick Steuer (2):
crypto/bio/bss_dgram.c: annotate fallthrough (-Wimplicit-fallthrough)
Document OPENSSL_ENGINES environment variable
Pauli (1):
Remove mentioned link between message digests and public key algorithms.
Pavel Kopyl (4):
Check return value of OBJ_nid2obj in dsa_pub_encode.
Add error handling in dsa_main and ASN1_i2d_bio.
X509V3_EXT_add_nconf_sk, X509v3_add_ext: fix errors handling
do_body: fix heap-use-after-free.
Per Sandström (1):
Update EC_POINT_new.pod
Rich Salz (10):
Check for malloc failure
Standardize syntax of sizeof(foo)
Fix typo that cause find-doc-nits failure
Remove old config that used non-exist util script
Add fingerprint text, remove MD5
Fix BN doc
Check # of arguments for remaining commands.
Remove unused file
Copy name string in BIO_meth_new
Fix credit for SRP code
Richard Levitte (65):
Travis: if "make update" created a diff, please show it
Perl: Use our own globbing wrapper rather than File::Glob::glob
Consolidate the locations where we have our internal perl modules
Configure: cleanup @disable_cascade
Avoid unnecessary MSYS2 conversion of some arguments
Correct EVP_CIPHER_meth_new.pod and EVP_MD_meth_new.pod
Fix EVP_MD_meth_new.pod
Remove unicode characters from source
In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()
In apps_startup(), call OPENSSL_init_ssl() rather than OPENSSL_init_crypto()
Fix leak in ERR_get_state() when OPENSSL_init_crypto() isn't called yet
CHANGES: Document the removal of OS390-Unix
Clean up uClinux targets
Update copyright years on all files merged since Jan 1st 2018
Configure: try to make sure every config target name is unique
Fix intermittent Cygwin failures in s_client
Fix intermittent Windows and Cygwin failures in s_server
TLSProxy::Proxy: If we don't support IPv6, force IPv4
TLSProxy::Proxy: don't waste time redirecting STDOUT and STDERR
TLSProxy::Proxy: Don't use ReuseAddr on Windows
Cygwin is POSIX, don't say it isn't
Simplify Cygwin checks, part 1
The Cygwin gcc doesn't define _WIN32, don't pretend it does
Only implement secure malloc if _POSIX_VERSION allows
Create one permanent proxy socket per TLSProxy::Proxy instance
Enable TLSProxy tests on Windows
Update the license end year
Add anything specifying a threads library to ex_libs
Don't add $(EX_LIBS) to libssl.pc's Libs.private
Revert "EVP_PKEY_asn1_add0(): Check that this method isn't already registered"
Have EVP_PKEY_asn1_find_str() work more like EVP_PKEY_asn1_find()
Configure: let INCLUDEs set on binaries "trickle down" to the objects
Configure: ensure that a DEPEND generates the correct inclusion directory
VMS config.com: better handling of arguments
Don't break testing when runnins as root
Remove $no_sse2, as it's just a 'copy' of $disabled{sse2}
Don't define OPENSSL_NO_ERR for the command line
BIO: at the end of BIO_new, declare the BIO inited if no create method present
Remove "dummy" BIO create and destroy functions
Make all private functions in e_afalg.c static
util/mkdef.pl: Trust configdata.pm
util/mkdef.pl: use better array in search of 'DEPRECATEDIN_'
util/mkdef.pl: Fix incomplete cherry-pick
Add the target 'build_all_generated'
Fix bug in BIO_f_linebuffer()
Configure: if a file is generated, never assume it's in the source dir
OpenSSL::Test::quotify: put quotes around empty arguments
test_ssl_old: avoid empty strings for flags
Windows makefile: Don't quote generator arguments
opensslconf.h.in: Use all the "openssl_api_defines"
util/dofile.pl: only quote stuff that actually needs quoting
Configurations/unix-Makefile.tmpl: remove assignment of AS and ASFLAGS
Make a few more asm modules conform: last argument is output file
Remove useless -D_ENDIAN from MPE/iX-gcc config
Restore the display of options with 'openssl version -a'
Configure: don't mangle the directory again when checking DEPEND inclusion
Configure: catch the build tree configdata.pm
Windows makefile: don't use different looking variants of same cmd
Add a simple method to run regression tests
Stop test/shlibloadtest.c from failing in a regression test
Support "-min_protocol" and "-max_protocol" in s_server and s_client
In TLSProxy::Proxy, specify TLSv1.2 as maximum allowable protocol
Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version
s_client, s_server: do generic SSL configuration first, specialization after
Copy the produced .dll files to fuzz/ as well (Cygwin & mingw)
Samuel Weiser (3):
Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation
used ERR set/pop mark
consttime flag changed
Steffan Karger (1):
Fix SSL_CTX_get_{min,max}_proto_version integer conversion warning
Todd Short (1):
Fix error-path memory leak in asn_mime.c
Viktor Dukhovni (5):
Make possible variant SONAMEs and symbol versions
Document the X509_V_FLAG_PARTIAL_CHAIN flag
Add x509(1) reference
Avoid leaking peername data via accept BIOs
Avoid fragile aliasing of SHA224/384 update/final
knekritz (1):
Avoid unconditional store in CRYPTO_malloc.
pass86 (1):
Fix spelling: adroideabi -> androideabi
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list