The annotated tag OpenSSL_1_1_1l has been created at 6e9c3540b2dc39e6bdda9444c79ecaa4d6baa312 (tag) tagging fb047ebc87b18bdc4cf9ddee9ee1f5ed93e56aff (commit) replaces OpenSSL_1_1_1k tagged by Matt Caswell on Tue Aug 24 14:38:47 2021 +0100
- Log ----------------------------------------------------------------- OpenSSL 1.1.1l release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmEk9mcRHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJGEvgf+OV98uls31C2slBrooNPmlpYtiUS663wo KcJ5jifnYDoBudYicsFPT1CjuRuX4tSk4A685+inbq+1DFdTmHcFLw2Dd6ki4el8 Z/dQCp9eDX3Z+gdb5hs4j/FMfwEqnjuj8dCk8/ib1XVqb9f2gA5XJE49NoZtSksk VZkSKC9MKnA7IGbd3ov6LaPZuygk6T5R+wvWeiz+USd9UzUPG874QvHpyH4R2Hl2 4TTwNH1QQuc5kuam8yTFMAWMs4ZhTUm1GpEMzZ3T/yB7iLuD5LUoEQJSRhklFvgh IGfs9dOhXbNmYj2duKmJ4JOvRI/slQeP96+sRgrTgOH6e9Md1BbIEA== =HL6/ -----END PGP SIGNATURE----- Alex Yursha (1): Print correct error message in utils/mkdir-p.pl Benjamin Kaduk (4): Improve RFC 8446 PSK key exchange mode compliance make update Don't send key_share for PSK-only key exchange Update expected results for tls13kexmodes tests Billy Brumley (1): [doc/man3] documentation: BN_cmp manpage updates Christian Heimes (1): Inherit hostflags verify params even without hosts Daiki Ueno (2): BIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is given apps: Use the first detected address family if IPv6 is not available Dave Coombs (1): crl2pkcs7 shouldn't include empty optional sets David Benjamin (1): Fix use of uninitialized memory in test_rsa_oaep David CARLIER (1): apple getentropy removal David Carlier (1): BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true Dmitry Belyavskiy (5): Use OCSP-specific error code for clarity Avoid sending alerts after shutdown Try to parse private key as PKCS#8 first, fallback afterwards Testing private keys with extra attributes Cleanup the peer point formats on regotiation Dr. David von Oheimb (1): ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t Fred Hornsey (1): Support for Android NDK r22 Hubert Kario (1): man: s_server: fix typo in -alpn option description Ingo Franzki (2): s390x: AES OFB/CFB: Maintain running IV from cipher context Test EVP Cipher updating the context's IV Ingo Schwarze (1): Fix a read buffer overrun in X509_aux_print(). Jean-Philippe Boivin (1): Properly restore XMM registers in ChaCha20's AVX-512(VL) assembly Lars Immisch (1): Use getauxval on Android with API level > 18 Matt Caswell (24): Prepare for 1.1.1l-dev Only call dtls1_start_timer() once Fix s_server PSK handling Avoid "excessive message size" for session tickets Don't reset the packet pointer in ssl3_setup_read_buffer Disallow SSL_key_update() if there are writes pending Fix some minor record layer issues Fix i2v_GENERAL_NAME to not assume NUL terminated strings Fix POLICYINFO printing to not assume NUL terminated strings Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings Fix the name constraints code to not assume NUL terminated strings Fix test code to not assume NUL terminated strings Fix append_ia5 function to not assume NUL terminated strings Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings Fix EC_GROUP_new_from_ecparameters to check the base length Allow fuzz builds to detect string overruns Fix the error handling in i2v_AUTHORITY_KEYID Correctly calculate the length of SM2 plaintext given the ciphertext Extend tests for SM2 decryption Check the plaintext buffer is large enough when decrypting SM2 Updates to CHANGES and NEWS for the new release Update copyright year Run make update Prepare for 1.1.1l release Mohamed Akram (1): doc: fix enc -z option documentation Nan Xiao (5): Fix BIO_new_ssl_connect() to not leak memory Fix typo in BIO_push.pod Remove unnecessary BIO_do_handshake()s Fix potential double free in sslapitest.c Fix typos in x509.pod Niclas Rosenvik (1): Some compilers define __STDC_VERSION__ in c++ Nicola Tuveri (12): [github-ci] Sync ci.yml workflow with master [github-ci] Import windows.yml workflow from master [github-ci] Import cross-compiles.yml workflow from master [github-ci] Import run-checker workflows from master [github-ci] Import run-checker daily workflow from master [github-ci][cross-compiles.yml] Disable sparcv9 [github-ci][ci.yml] Disable krb5 external tests [github-ci][ci.yml] Disable pyca external tests [github-ci][run-checker-ci.yml] Disable no-tls1_3 tests [github-ci][ci.yml] Disable memory sanitizer build [github-ci][run-checker-merge.yml] Disable ubsan build Revert "[github-ci][cross-compiles.yml] Disable sparcv9" Oliver Mihatsch (1): Fix memory leak in i2d_ASN1_bio_stream Patrick Steuer (2): s390x: cipher must set EVP_CIPH_ALWAYS_CALL_INIT flag Test EVP_CipherInit sequences and resets Pauli (9): srp: fix double free, ts: fix double free on error path. engine: fix double free on error path. bn: procduce correct sign for result of BN_mod() ssl: do not choose auto DH groups that are weaker than the security level test: add test for auto DH security level meets the minimum pkcs12: check for zero length digest to avoid division by zero [github-ci] Add comment about our approach to GitHub Actions CI sparc: fix cross compile build Richard Levitte (9): Don't remove $(TARFILE) when cleaning ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse Clean away remaining Travis related files TEST: Check that i2d refuses to encode non-optional items with no content ASN.1: Refuse to encode to DER if non-optional items are missing Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN Fix test/asn1_encode_test.c to handle encoding/decoding failure make update (adds a new function code) Avoid empty lines in nmake rule bodies Shane Lontis (2): Test that we don't have a memory leak in d2i_ASN1_OBJECT. s_client.pod: Fix grammar in NOTES section. Theo Buehler (2): Avoid division by zero in hybrid point encoding Test oct2point for hybrid point encoding of (0, y) Todd Short (3): Handle set_alpn_protos inputs better. Call SSLfatal when the generate_ticket_cb returns 0 Fix potential double-free Tomas Mraz (10): Test that EVP_PKEY_cmp() returns 1 when comparing a key to itself Correct the return value on match and mismatch for MAC pkeys Put init_ec_point_formats() inside #ifndef OPENSSL_NO_EC doc: Mention the update of der data pointers in d2i/i2d DSA/RSA_print(): Fix potential memory leak Revert "make update (adds a new function code)" Revert "Fix test/asn1_encode_test.c to handle encoding/decoding failure" Revert "Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN" Revert "ASN.1: Refuse to encode to DER if non-optional items are missing" Revert "TEST: Check that i2d refuses to encode non-optional items with no content" Trev Larock (1): Modify ssl_handshake_hash to call SSLfatal bonniegong (2): check i2d_ASN1_TYPE return value Check the return value of ASN1_STRING_length luyahan (1): Add riscv64 target yunh (1): enable getauxval on android 10 -----------------------------------------------------------------------