[openssl] master update

tomas at openssl.org tomas at openssl.org
Wed Dec 15 08:14:27 UTC 2021


The branch master has been updated
       via  1f8ca9e3d3fa674da4ab6694cef2f266e6ab0f20 (commit)
       via  0e4e4e27df3ff7c1b1c07be4a518c03acf2513ee (commit)
       via  c868d1f9ca923fa4ea57a46e823c280233e254ea (commit)
      from  0fcf2351ecff5db21cba431704e4da631b74904a (commit)


- Log -----------------------------------------------------------------
commit 1f8ca9e3d3fa674da4ab6694cef2f266e6ab0f20
Author: Tomas Mraz <tomas at openssl.org>
Date:   Tue Dec 14 18:10:44 2021 +0100

    NEWS.md: Add missing empty line
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17274)

commit 0e4e4e27df3ff7c1b1c07be4a518c03acf2513ee
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Dec 14 14:54:55 2021 +0100

    Add some CHANGES entries for 3.0.1
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17274)

commit c868d1f9ca923fa4ea57a46e823c280233e254ea
Author: Tomas Mraz <tomas at openssl.org>
Date:   Mon Dec 13 15:27:20 2021 +0100

    Add some CHANGES.md entries for the 3.0.1 release
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17274)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--------
 NEWS.md    |  1 +
 2 files changed, 67 insertions(+), 9 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 8fd7e7288a..16e2c341bd 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -70,7 +70,17 @@ OpenSSL 3.1
 
    *Sergey Kirillov, Andrey Matyukov (Intel Corp)*
 
-### Changes between 3.0.0 and 3.0.1 [xx XXX xxxx]
+OpenSSL 3.0
+-----------
+
+For OpenSSL 3.0 a [Migration guide][] has been added, so the CHANGES entries
+listed here are only a brief description.
+The migration guide contains more detailed information related to new features,
+breaking changes, and mappings for the large list of deprecated functions.
+
+[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
+
+### Changes between 3.0.0 and 3.0.1 [14 dec 2021]
 
  * Fixed invalid handling of X509_verify_cert() internal errors in libssl
    Internally libssl in OpenSSL calls X509_verify_cert() on the client side to
@@ -103,17 +113,48 @@ OpenSSL 3.1
 
    *Richard Levitte*
 
-OpenSSL 3.0
------------
+ * Fixed EVP_PKEY_eq() to make it possible to use it with strictly private
+   keys.
 
-For OpenSSL 3.0 a [Migration guide][] has been added, so the CHANGES entries
-listed here are only a brief description.
-The migration guide contains more detailed information related to new features,
-breaking changes, and mappings for the large list of deprecated functions.
+   *Richard Levitte*
 
-[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
+ * Fixed PVK encoder to properly query for the passphrase.
 
-### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+   *Tomáš Mráz*
+
+ * Multiple fixes in the OSSL_HTTP API functions.
+
+   *David von Oheimb*
+
+ * Allow sign extension in OSSL_PARAM_allocate_from_text() for the
+   OSSL_PARAM_INTEGER data type and return error on negative numbers
+   used with the OSSL_PARAM_UNSIGNED_INTEGER data type. Make
+   OSSL_PARAM_BLD_push_BN{,_pad}() return an error on negative numbers.
+
+   *Richard Levitte*
+
+ * Allow copying uninitialized digest contexts with EVP_MD_CTX_copy_ex.
+
+   *Tomáš Mráz*
+
+ * Fixed detection of ARMv7 and ARM64 CPU features on FreeBSD.
+
+   *Allan Jude*
+
+ * Multiple threading fixes.
+
+   *Matt Caswell*
+
+ * Added NULL digest implementation to keep compatibility with 1.1.1 version.
+
+   *Tomáš Mráz*
+
+ * Allow fetching an operation from the provider that owns an unexportable key
+   as a fallback if that is still allowed by the property query.
+
+   *Richard Levitte*
+
+### Changes between 1.1.1 and 3.0.0 [7 sep 2021]
 
  * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now
    deprecated.
@@ -1538,6 +1579,22 @@ breaking changes, and mappings for the large list of deprecated functions.
 OpenSSL 1.1.1
 -------------
 
+### Changes between 1.1.1l and 1.1.1m [xx XXX xxxx]
+
+ * Avoid loading of a dynamic engine twice.
+
+   *Bernd Edlinger*
+
+ * Prioritise DANE TLSA issuer certs over peer certs
+
+   *Viktor Dukhovni*
+
+ * Fixed random API for MacOS prior to 10.12
+
+   These MacOS versions don't support the CommonCrypto APIs
+
+   *Lenny Primak*
+
 ### Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
 
  * Fixed an SM2 Decryption Buffer Overflow.
diff --git a/NEWS.md b/NEWS.md
index 9da16da913..18fa374acb 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -28,6 +28,7 @@ OpenSSL 3.0
 -----------
 
 ### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1
+
   * Fixed invalid handling of X509_verify_cert() internal errors in libssl
     ([CVE-2021-4044])
   * Allow fetching an operation from the provider that owns an unexportable key


More information about the openssl-commits mailing list