summaryrefslogtreecommitdiffstats
path: root/NEWS.md
AgeCommit message (Collapse)Author
2024-04-24Add Attribute Certificate suport comments to CHANGES and NEWSDamian Hobson-Garcia
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15857)
2024-04-09Sync CHANGES.md and NEWS.md with 3.3 branchTomas Mraz
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
2024-04-08Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bugMatt Caswell
Related to CVE-2024-2511 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24042)
2024-02-09Amend CHANGES.md/NEWS.md to reflect DN output changesDmitry Belyavskiy
Fixes #23492 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23507)
2024-02-01Remove a CVE reference from CHANGES/NEWSMatt Caswell
master/3.2 was never vulnerable to CVE-2023-5678 since it was fixed before it was released. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23432)
2024-01-30Update CHANGES.md and NEWS.md for new releaseMatt Caswell
Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/23421)
2024-01-15Add CHANGES.md and NEWS.md entries for CVE-2023-6237Tomas Mraz
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23243)
2024-01-09Add CHANGES.md and NEWS.md entries for CVE-2023-6129Tomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23200)
2024-01-09Sync CHANGES.md and NEWS.md with 3.2 branchTomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23200)
2023-11-23Amend NEWS.md to be more like release notesHugo Landau
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22785) (cherry picked from commit 5e07ea4f82b5250d64183ddda2b56ebf37df126a)
2023-11-15Document the exporter change in CHANGES.md and NEWS.mdRichard Levitte
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20878)
2023-11-08Add CHANGES.md and NEWS.md entry for CVE-2023-5678Tomas Mraz
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22647) (cherry picked from commit 4ee71b4c302a06c24b46a5def1cff2096bd57f0b)
2023-11-08Sync CHANGES.md and NEWS.md with 3.1 branchTomas Mraz
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22647) (cherry picked from commit 2d0d3edb04ab0fa53e30e3cbdd114de9933d5361)
2023-10-27Prepare for 3.3Richard Levitte
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22525)
2023-10-24changes and news entries for CVE-2023-5363Pauli
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2023-09-28Prepare for 3.2 alpha 3Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
2023-09-28Prepare for release of 3.2 alpha 2openssl-3.2.0-alpha2Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
2023-09-18Fix new typos found by codespellDimitri Papadopoulos
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22098)
2023-09-11Add CVE-2023-4807 fix to CHANGES.md and NEWS.mdTomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22033)
2023-09-11Sync changes between 3.2 and 3.1 branchesTomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22033)
2023-09-07Prepare for 3.2 alpha 2Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
2023-09-07Prepare for release of 3.2 alpha 1openssl-3.2.0-alpha1Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
2023-08-23Update CHANGES.md and NEWS.md for the upcoming 3.2 releaseTomas Mraz
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21802)
2023-07-27Add CHANGES.md and NEWS.md entries for CVE-2023-3817Tomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/21550)
2023-07-19Update CHANGES/NEWS for CVE-2023-3446Matt Caswell
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21451)
2023-07-14Add CHANGES.md and NEWS.md entries for CVE-2023-2975Tomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21384)
2023-07-14Add a NEWS entry covering the FIPS related changes.Pauli
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/21386) (cherry picked from commit dfc4b6c93b99f6666cd958c5643a24bb6edff7b7)
2023-07-06Enable QUIC by defaultMatt Caswell
Ensure builds enable QUIC without explicitly having to ask for it. To disable QUIC pass "no-quic" to Configure. As a result we can remove all use of "enable-quic" from the various CI runs. We also add a CHANGES and NEWS entry for QUIC support. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21332)
2023-06-15Fix typos found by codespellDimitri Papadopoulos
Typos in doc/man* will be fixed in a different commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20910)
2023-06-06Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translateRichard Levitte
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identifiers, this would take a very long time, the time complexity being O(n^2) where n is the size of that sub-identifier. To mitigate this, a restriction on the size that OBJ_obj2txt() will translate to canonical numeric text form is added, based on RFC 2578 (STD 58), which says this: > 3.5. OBJECT IDENTIFIER values > > An OBJECT IDENTIFIER value is an ordered list of non-negative numbers. > For the SMIv2, each number in the list is referred to as a sub-identifier, > there are at most 128 sub-identifiers in a value, and each sub-identifier > has a maximum value of 2^32-1 (4294967295 decimal). Fixes otc/security#96 Fixes CVE-2023-2650 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-04-20aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryptionTomas Mraz
Original author: Nevine Ebeid (Amazon) Fixes: CVE-2023-1255 The buffer overread happens on decrypts of 4 mod 5 sizes. Unless the memory just after the buffer is unmapped this is harmless. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/20759)
2023-03-28RFC7250 (RPK) supportTodd Short
Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
2023-03-28Fix documentation of X509_VERIFY_PARAM_add0_policy()Tomas Mraz
The function was incorrectly documented as enabling policy checking. Fixes: CVE-2023-0466 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20561)
2023-03-28Updated CHANGES.md and NEWS.md for CVE-2023-0465Matt Caswell
Also updated the entries for CVE-2023-0464 Related-to: CVE-2023-0465 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20585)
2023-02-24first cut at sigalg loadingMichael Baentsch
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19312)
2023-02-11Correct a copy&paste error in a link URLTomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20228)
2023-02-11Sync CHANGES.md and NEWS.md with 3.0.8 releaseTomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20228)
2022-12-05Sync CHANGES.md and NEWS.md with 3.1 releaseTomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19808)
2022-11-22Update CHANGES.md and NEWS.md from 3.0.7Tomas Mraz
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19565)
2022-10-18Add support for compressed certificates (RFC8879)Todd Short
* Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-12Update CHANGES.md and NEWS.md for new releaseMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19379)
2022-10-12Fix various typos, repeated words, align some spelling to LDP.FdaSilvaYY
Partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-07Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branchRichard Levitte
3.1 has been decided to be a FIPS 140-3 release, springing from the branch openssl-3.0, and the master branch to continue with the development of OpenSSL 3.2. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19350)
2022-06-21Update CHANGES.md and NEWS.md for new releaseMatt Caswell
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes
2022-05-08tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and abovePauli
This is in line with the NEWS entry (erroneously) announcing such for 3.0. Fixes #18194 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18236)
2022-05-06Correct NEWS entry about required security level for old versions of TLS, ↵Pauli
DTLS and SSL The entry was incorrect because suites using RSA key exchange without SHA1 were permitted at security level 1. Partial fix for #18194 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/18234) (cherry picked from commit 3226a37a4875567f2bf49aa44a727bcb67bb7dcd)
2022-05-03Update CHANGES and NEWS for new releaseMatt Caswell
Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
2022-03-15Update CHANGES/NEWS for new releaseMatt Caswell
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2022-03-10Add TFO support to socket BIO and s_client/s_serverTodd Short
Supports Linux, MacOS and FreeBSD Disabled by default, enabled via `enabled-tfo` Some tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8692)
2021-12-14NEWS.md: Add missing empty lineTomas Mraz
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17274)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-22 01:08:26 +0000