aboutsummaryrefslogtreecommitdiffstats
path: root/doc/relnotes/1_10_6.rst
diff options
context:
space:
mode:
authorlloyd <[email protected]>2013-11-10 16:12:49 +0000
committerlloyd <[email protected]>2013-11-10 16:12:49 +0000
commit8758cc592f01050f13618c24491acc86f36fc874 (patch)
treea3275ca220eecf0be496e848e15ff4b7bdc4ae33 /doc/relnotes/1_10_6.rst
parent6f109befec490ab154e4a2a65ec9260c8c268041 (diff)
Add 1.10.6 release notes
Diffstat (limited to 'doc/relnotes/1_10_6.rst')
-rw-r--r--doc/relnotes/1_10_6.rst47
1 files changed, 47 insertions, 0 deletions
diff --git a/doc/relnotes/1_10_6.rst b/doc/relnotes/1_10_6.rst
new file mode 100644
index 000000000..241ab801c
--- /dev/null
+++ b/doc/relnotes/1_10_6.rst
@@ -0,0 +1,47 @@
+Version 1.10.6, 2013-11-10
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* The device reading entropy source now attempts to read from all
+ available devices. Previously it would break out early if a partial
+ read from a blocking source occured, not continuing to read from a
+ non-blocking device. This would cause the library to fall back on
+ slower and less reliable techniques for collecting PRNG seed
+ material. Reported by Rickard Bellgrim.
+
+* HMAC_RNG (the default PRNG implementation) now automatically reseeds
+ itself periodically. Previously reseeds only occured on explicit
+ application request.
+
+* Fix an encoding error in EC_Group when encoding using EC_DOMPAR_ENC_OID.
+ Reported by fxdupont on github.
+
+* In EMSA2 and Randpool, avoid calling name() on objects after deleting them if
+ the provided algorithm objects are not suitable for use. Found by Clang
+ analyzer, reported by Jeffrey Walton.
+
+* If X509_Store was copied, the u32bit containing how long to cache validation
+ results was not initialized, potentially causing results to be cached for
+ significant amounts of time. This could allow a certificate to be considered
+ valid after its issuing CA's cert expired. Expiration of the end-entity cert
+ is always checked, and reading a CRL always causes the status to be reset, so
+ this issue does not affect revocation. Found by Coverity scanner.
+
+* Avoid off by one causing a potentially unterminated string to be passed to
+ the connect system call if the library was configured to use a very long path
+ name for the EGD socket. Found by Coverity Scanner.
+
+* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and PK_Key_Agreement,
+ avoid dereferencing an unitialized pointer if no engine supported operations
+ on the key object given. Found by Coverity scanner.
+
+* Avoid leaking a file descriptor in the /dev/random and EGD entropy sources if
+ stdin (file descriptor 0) was closed. Found by Coverity scanner.
+
+* Avoid a potentially undefined operation in the bit rotation operations. Not
+ known to have caused problems under any existing compiler, but might have
+ caused problems in the future. Caught by Clang sanitizer, reported by Jeffrey
+ Walton.
+
+* Increase default hash iterations from 10000 to 50000 in PBES1 and PBES2
+
+* Add a fix for mips64el builds from Brad Smith.