From: Dr. Matthias St. Pierre Date: Tue, 17 Mar 2020 16:25:51 +0000 (+0100) Subject: Update CHANGES and NEWS for 1.1.1e release X-Git-Tag: openssl-3.0.0-alpha1~238 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8658feddea6aef5cf5cbb1cfbf6b1817fa432051;p=oweals%2Fopenssl.git Update CHANGES and NEWS for 1.1.1e release Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11346) --- diff --git a/CHANGES.md b/CHANGES.md index c552e9a0a8..d2aaec9fbe 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -938,7 +938,33 @@ OpenSSL 3.0 OpenSSL 1.1.1 ------------- -### Changes between 1.1.1d and 1.1.1e [xx XXX xxxx] ### +### Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] ### + + +### Changes between 1.1.1d and 1.1.1e [17 Mar 2020] ### + + * Properly detect EOF while reading in libssl. Previously if we hit an EOF + while reading in libssl then we would report an error back to the + application (SSL_ERROR_SYSCALL) but errno would be 0. We now add + an error to the stack (which means we instead return SSL_ERROR_SSL) and + therefore give a hint as to what went wrong. + + *Matt Caswell* + + * Check that ed25519 and ed448 are allowed by the security level. Previously + signature algorithms not using an MD were not being checked that they were + allowed by the security level. + + *Kurt Roeckx* + + * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() + was not quite right. The behaviour was not consistent between resumption + and normal handshakes, and also not quite consistent with historical + behaviour. The behaviour in various scenarios has been clarified and + it has been updated to make it match historical behaviour as closely as + possible. + + *Matt Caswell* * *[VMS only]* The header files that the VMS compilers include automatically, `__DECC_INCLUDE_PROLOGUE.H` and `__DECC_INCLUDE_EPILOGUE.H`, use pragmas diff --git a/NEWS.md b/NEWS.md index 434f306e11..10a38b2aaf 100644 --- a/NEWS.md +++ b/NEWS.md @@ -57,6 +57,15 @@ OpenSSL 3.0 OpenSSL 1.1.1 ------------- +### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development] ### + + * + +### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] ### + + * Fixed an overflow bug in the x64_64 Montgomery squaring procedure + used in exponentiation with 512-bit moduli ([CVE-2019-1551][]) + ### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] ### * Fixed a fork protection issue ([CVE-2019-1549][]) @@ -1295,6 +1304,7 @@ OpenSSL 0.9.x [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 [CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 [CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 +[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 [CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 [CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 [CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543