[openssl] OpenSSL_1_1_1l create

Matt Caswell matt at openssl.org
Tue Aug 24 13:50:06 UTC 2021 

The annotated tag OpenSSL_1_1_1l has been created
        at  6e9c3540b2dc39e6bdda9444c79ecaa4d6baa312 (tag)
   tagging  fb047ebc87b18bdc4cf9ddee9ee1f5ed93e56aff (commit)
  replaces  OpenSSL_1_1_1k
 tagged by  Matt Caswell
        on  Tue Aug 24 14:38:47 2021 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.1l release tag
-----BEGIN PGP SIGNATURE-----

iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmEk9mcRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJGEvgf+OV98uls31C2slBrooNPmlpYtiUS663wo
KcJ5jifnYDoBudYicsFPT1CjuRuX4tSk4A685+inbq+1DFdTmHcFLw2Dd6ki4el8
Z/dQCp9eDX3Z+gdb5hs4j/FMfwEqnjuj8dCk8/ib1XVqb9f2gA5XJE49NoZtSksk
VZkSKC9MKnA7IGbd3ov6LaPZuygk6T5R+wvWeiz+USd9UzUPG874QvHpyH4R2Hl2
4TTwNH1QQuc5kuam8yTFMAWMs4ZhTUm1GpEMzZ3T/yB7iLuD5LUoEQJSRhklFvgh
IGfs9dOhXbNmYj2duKmJ4JOvRI/slQeP96+sRgrTgOH6e9Md1BbIEA==
=HL6/
-----END PGP SIGNATURE-----

Alex Yursha (1):
      Print correct error message in utils/mkdir-p.pl

Benjamin Kaduk (4):
      Improve RFC 8446 PSK key exchange mode compliance
      make update
      Don't send key_share for PSK-only key exchange
      Update expected results for tls13kexmodes tests

Billy Brumley (1):
      [doc/man3] documentation: BN_cmp manpage updates

Christian Heimes (1):
      Inherit hostflags verify params even without hosts

Daiki Ueno (2):
      BIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is given
      apps: Use the first detected address family if IPv6 is not available

Dave Coombs (1):
      crl2pkcs7 shouldn't include empty optional sets

David Benjamin (1):
      Fix use of uninitialized memory in test_rsa_oaep

David CARLIER (1):
      apple getentropy removal

David Carlier (1):
      BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true

Dmitry Belyavskiy (5):
      Use OCSP-specific error code for clarity
      Avoid sending alerts after shutdown
      Try to parse private key as PKCS#8 first, fallback afterwards
      Testing private keys with extra attributes
      Cleanup the peer point formats on regotiation

Dr. David von Oheimb (1):
      ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t

Fred Hornsey (1):
      Support for Android NDK r22

Hubert Kario (1):
      man: s_server: fix typo in -alpn option description

Ingo Franzki (2):
      s390x: AES OFB/CFB: Maintain running IV from cipher context
      Test EVP Cipher updating the context's IV

Ingo Schwarze (1):
      Fix a read buffer overrun in X509_aux_print().

Jean-Philippe Boivin (1):
      Properly restore XMM registers in ChaCha20's AVX-512(VL) assembly

Lars Immisch (1):
      Use getauxval on Android with API level > 18

Matt Caswell (24):
      Prepare for 1.1.1l-dev
      Only call dtls1_start_timer() once
      Fix s_server PSK handling
      Avoid "excessive message size" for session tickets
      Don't reset the packet pointer in ssl3_setup_read_buffer
      Disallow SSL_key_update() if there are writes pending
      Fix some minor record layer issues
      Fix i2v_GENERAL_NAME to not assume NUL terminated strings
      Fix POLICYINFO printing to not assume NUL terminated strings
      Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
      Fix the name constraints code to not assume NUL terminated strings
      Fix test code to not assume NUL terminated strings
      Fix append_ia5 function to not assume NUL terminated strings
      Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
      Fix EC_GROUP_new_from_ecparameters to check the base length
      Allow fuzz builds to detect string overruns
      Fix the error handling in i2v_AUTHORITY_KEYID
      Correctly calculate the length of SM2 plaintext given the ciphertext
      Extend tests for SM2 decryption
      Check the plaintext buffer is large enough when decrypting SM2
      Updates to CHANGES and NEWS for the new release
      Update copyright year
      Run make update
      Prepare for 1.1.1l release

Mohamed Akram (1):
      doc: fix enc -z option documentation

Nan Xiao (5):
      Fix BIO_new_ssl_connect() to not leak memory
      Fix typo in BIO_push.pod
      Remove unnecessary BIO_do_handshake()s
      Fix potential double free in sslapitest.c
      Fix typos in x509.pod

Niclas Rosenvik (1):
      Some compilers define __STDC_VERSION__ in c++

Nicola Tuveri (12):
      [github-ci] Sync ci.yml workflow with master
      [github-ci] Import windows.yml workflow from master
      [github-ci] Import cross-compiles.yml workflow from master
      [github-ci] Import run-checker workflows from master
      [github-ci] Import run-checker daily workflow from master
      [github-ci][cross-compiles.yml] Disable sparcv9
      [github-ci][ci.yml] Disable krb5 external tests
      [github-ci][ci.yml] Disable pyca external tests
      [github-ci][run-checker-ci.yml] Disable no-tls1_3 tests
      [github-ci][ci.yml] Disable memory sanitizer build
      [github-ci][run-checker-merge.yml] Disable ubsan build
      Revert "[github-ci][cross-compiles.yml] Disable sparcv9"

Oliver Mihatsch (1):
      Fix memory leak in i2d_ASN1_bio_stream

Patrick Steuer (2):
      s390x: cipher must set EVP_CIPH_ALWAYS_CALL_INIT flag
      Test EVP_CipherInit sequences and resets

Pauli (9):
      srp: fix double free,
      ts: fix double free on error path.
      engine: fix double free on error path.
      bn: procduce correct sign for result of BN_mod()
      ssl: do not choose auto DH groups that are weaker than the security level
      test: add test for auto DH security level meets the minimum
      pkcs12: check for zero length digest to avoid division by zero
      [github-ci] Add comment about our approach to GitHub Actions CI
      sparc: fix cross compile build

Richard Levitte (9):
      Don't remove $(TARFILE) when cleaning
      ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse
      Clean away remaining Travis related files
      TEST: Check that i2d refuses to encode non-optional items with no content
      ASN.1: Refuse to encode to DER if non-optional items are missing
      Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN
      Fix test/asn1_encode_test.c to handle encoding/decoding failure
      make update (adds a new function code)
      Avoid empty lines in nmake rule bodies

Shane Lontis (2):
      Test that we don't have a memory leak in d2i_ASN1_OBJECT.
      s_client.pod: Fix grammar in NOTES section.

Theo Buehler (2):
      Avoid division by zero in hybrid point encoding
      Test oct2point for hybrid point encoding of (0, y)

Todd Short (3):
      Handle set_alpn_protos inputs better.
      Call SSLfatal when the generate_ticket_cb returns 0
      Fix potential double-free

Tomas Mraz (10):
      Test that EVP_PKEY_cmp() returns 1 when comparing a key to itself
      Correct the return value on match and mismatch for MAC pkeys
      Put init_ec_point_formats() inside #ifndef OPENSSL_NO_EC
      doc: Mention the update of der data pointers in d2i/i2d
      DSA/RSA_print(): Fix potential memory leak
      Revert "make update (adds a new function code)"
      Revert "Fix test/asn1_encode_test.c to handle encoding/decoding failure"
      Revert "Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN"
      Revert "ASN.1: Refuse to encode to DER if non-optional items are missing"
      Revert "TEST: Check that i2d refuses to encode non-optional items with no content"

Trev Larock (1):
      Modify ssl_handshake_hash to call SSLfatal

bonniegong (2):
      check i2d_ASN1_TYPE return value
      Check the return value of ASN1_STRING_length

luyahan (1):
      Add riscv64 target

yunh (1):
      enable getauxval on android 10

-----------------------------------------------------------------------

More information about the openssl-commits mailing list