From: Rich Salz
Date: Wed, 13 May 2020 15:16:50 +0000 (-0400)
Subject: Fix all MD036 (emphasis used instead of heading)
X-Git-Tag: openssl-3.0.0-alpha3~99
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=43a70f02022ebbc29aa71853f04f1dc0d9772846;p=oweals%2Fopenssl.git

Fix all MD036 (emphasis used instead of heading)

The main fixes were errors in itemized lists "*)" instead of "*"

Reviewed-by: Tomas Mraz
Reviewed-by: Matthias St. Pierre
(Merged from https://github.com/openssl/openssl/pull/11770)
---
diff --git a/CHANGES.md b/CHANGES.md index 6ee0b1efde..589cc5537e 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -6001,40 +6001,40 @@ OpenSSL 1.0.1 *Steve Henson* - *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect - results on some platforms, including x86_64. This bug occurs at random - with a very low probability, and is not known to be exploitable in any - way, though its exact impact is difficult to determine. Thanks to Pieter - Wuille (Blockstream) who reported this issue and also suggested an initial - fix. Further analysis was conducted by the OpenSSL development team and - Adam Langley of Google. The final fix was developed by Andy Polyakov of - the OpenSSL core team. - [CVE-2014-3570][] + * Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + [CVE-2014-3570][] *Andy Polyakov* - *) Do not resume sessions on the server if the negotiated protocol - version does not match the session's version. Resuming with a different - version, while not strictly forbidden by the RFC, is of questionable - sanity and breaks all known clients. + * Do not resume sessions on the server if the negotiated protocol + version does not match the session's version. Resuming with a different + version, while not strictly forbidden by the RFC, is of questionable + sanity and breaks all known clients. *David Benjamin, Emilia Käsper* - *) Tighten handling of the ChangeCipherSpec (CCS) message: reject - early CCS messages during renegotiation. (Note that because - renegotiation is encrypted, this early CCS was not exploitable.) 
+ * Tighten handling of the ChangeCipherSpec (CCS) message: reject + early CCS messages during renegotiation. (Note that because + renegotiation is encrypted, this early CCS was not exploitable.) *Emilia Käsper* - *) Tighten client-side session ticket handling during renegotiation: - ensure that the client only accepts a session ticket if the server sends - the extension anew in the ServerHello. Previously, a TLS client would - reuse the old extension state and thus accept a session ticket if one was - announced in the initial ServerHello. + * Tighten client-side session ticket handling during renegotiation: + ensure that the client only accepts a session ticket if the server sends + the extension anew in the ServerHello. Previously, a TLS client would + reuse the old extension state and thus accept a session ticket if one was + announced in the initial ServerHello. - Similarly, ensure that the client requires a session ticket if one - was advertised in the ServerHello. Previously, a TLS client would - ignore a missing NewSessionTicket message. + Similarly, ensure that the client requires a session ticket if one + was advertised in the ServerHello. Previously, a TLS client would + ignore a missing NewSessionTicket message. *Emilia Käsper* 
@@ -7020,19 +7020,19 @@ OpenSSL 1.0.0 *Steve Henson* - *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect - results on some platforms, including x86_64. This bug occurs at random - with a very low probability, and is not known to be exploitable in any - way, though its exact impact is difficult to determine. Thanks to Pieter - Wuille (Blockstream) who reported this issue and also suggested an initial - fix. Further analysis was conducted by the OpenSSL development team and - Adam Langley of Google. The final fix was developed by Andy Polyakov of - the OpenSSL core team. - [CVE-2014-3570][] + * Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + [CVE-2014-3570][] - *Andy Polyakov* + *Andy Polyakov* - *) Fix various certificate fingerprint issues. + * Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. diff --git a/INSTALL.md b/INSTALL.md index d4da50c7f7..88961aa74b 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -262,13 +262,14 @@ for 32bit binaries on 64bit Windows (WOW64). #### Installing to a different location To install OpenSSL to a different location (for example into your home -directory for testing purposes) run config like this: +directory for testing purposes) run config as shown in the following +examples. -**On Unix** +On Unix: $ ./config --prefix=/opt/openssl --openssldir=/usr/local/ssl -**On OpenVMS** +On OpenVMS: $ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL] diff --git a/util/markdownlint.rb b/util/markdownlint.rb index 75eb21ecb8..66517484ad 100644 --- a/util/markdownlint.rb +++ b/util/markdownlint.rb @@ -18,4 +18,3 @@ exclude_rule 'MD014' # Dollar signs used before commands without showing output exclude_rule 'MD024' # Multiple headers with the same content exclude_rule 'MD025' # Multiple top level headers in the same document exclude_rule 'MD029' # Ordered list item prefix -exclude_rule 'MD036' # Emphasis used instead of a header
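
Review bot: In the first CHANGES.md hunk (OpenSSL 1.0.1), the `*Andy Polyakov*` attribution following the CVE-2014-3570 entry is left as unchanged context, while the same line in the OpenSSL 1.0.0 hunk is removed and re-added with only its whitespace changed. The two sections carry the same entry, so they should end up with the same indentation; either re-indent the attribution here as well or drop the whitespace-only change in the 1.0.0 hunk.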
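
Review bot: In the second CHANGES.md hunk (OpenSSL 1.0.0), the marker on "Fix various certificate fingerprint issues." changes from `*)` to `*`, but the continuation paragraph starting "By using non-DER or invalid encodings" stays as unchanged context. Every other multi-line entry in this patch has its continuation lines re-indented together with the marker, so check that this paragraph still lines up under the item text, and re-indent it if it does not, so that it renders as part of the list item.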
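
Review bot: In the INSTALL.md hunk, the reworded sentence still gives "your home directory for testing purposes" as the example location, but the Unix command that follows uses `--prefix=/opt/openssl --openssldir=/usr/local/ssl`, neither of which is a home directory. Since the sentence is being touched anyway, either change the example to a path under the user's home or drop the home-directory wording, so that someone testing a build does not copy a system-wide `--openssldir` by accident.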
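
Review bot: In the util/markdownlint.rb hunk, dropping `exclude_rule 'MD036'` turns the rule on for every Markdown file, while CHANGES.md still carries emphasis-only attribution lines such as `*Steve Henson*` and `*Emilia Käsper*`. Please confirm the linter passes on the whole tree with those lines in place, and mention the INSTALL.md label change in the commit message, which currently names only the itemized-list fixes.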