author | lloyd <[email protected]> | 2013-11-10 16:12:49 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2013-11-10 16:12:49 +0000 |
commit | 8758cc592f01050f13618c24491acc86f36fc874 (patch) | |
tree | a3275ca220eecf0be496e848e15ff4b7bdc4ae33 /doc/relnotes/1_10_6.rst | |
parent | 6f109befec490ab154e4a2a65ec9260c8c268041 (diff) |
Add 1.10.6 release notes
Diffstat (limited to 'doc/relnotes/1_10_6.rst')
-rw-r--r-- | doc/relnotes/1_10_6.rst | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/doc/relnotes/1_10_6.rst b/doc/relnotes/1_10_6.rst new file mode 100644 index 000000000..241ab801c --- /dev/null +++ b/doc/relnotes/1_10_6.rst 
@@ -0,0 +1,47 @@ +Version 1.10.6, 2013-11-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The device reading entropy source now attempts to read from all + available devices. Previously it would break out early if a partial + read from a blocking source occured, not continuing to read from a + non-blocking device. This would cause the library to fall back on + slower and less reliable techniques for collecting PRNG seed + material. Reported by Rickard Bellgrim. + +* HMAC_RNG (the default PRNG implementation) now automatically reseeds + itself periodically. Previously reseeds only occured on explicit + application request. + +* Fix an encoding error in EC_Group when encoding using EC_DOMPAR_ENC_OID. + Reported by fxdupont on github. + +* In EMSA2 and Randpool, avoid calling name() on objects after deleting them if + the provided algorithm objects are not suitable for use. Found by Clang + analyzer, reported by Jeffrey Walton. + +* If X509_Store was copied, the u32bit containing how long to cache validation + results was not initialized, potentially causing results to be cached for + significant amounts of time. This could allow a certificate to be considered + valid after its issuing CA's cert expired. Expiration of the end-entity cert + is always checked, and reading a CRL always causes the status to be reset, so + this issue does not affect revocation. Found by Coverity scanner. + +* Avoid off by one causing a potentially unterminated string to be passed to + the connect system call if the library was configured to use a very long path + name for the EGD socket. Found by Coverity Scanner. + +* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and PK_Key_Agreement, + avoid dereferencing an unitialized pointer if no engine supported operations + on the key object given. Found by Coverity scanner. + +* Avoid leaking a file descriptor in the /dev/random and EGD entropy sources if + stdin (file descriptor 0) was closed. Found by Coverity scanner. 
+ +* Avoid a potentially undefined operation in the bit rotation operations. Not + known to have caused problems under any existing compiler, but might have + caused problems in the future. Caught by Clang sanitizer, reported by Jeffrey + Walton. + +* Increase default hash iterations from 10000 to 50000 in PBES1 and PBES2 + +* Add a fix for mips64el builds from Brad Smith. |
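Review bot: The X509_Store bullet describes a certificate-validation flaw (an uninitialized cache duration that "could allow a certificate to be considered valid after its issuing CA's cert expired"), yet it sits fifth in the list with nothing to set it apart from the build and cleanup fixes. Consider moving it to the top or marking it as security-relevant so that anyone scanning the notes for upgrade urgency sees it first. The same applies, to a lesser degree, to the EGD socket path off-by-one and the uninitialized pointer in the PK_* classes. The PBES1/PBES2 bullet gives the new default of 50000 iterations but does not say whether data encrypted under the old default of 10000 is still read correctly; one sentence on that would save users a lookup. Smaller points: "occured" appears twice (first and second bullets) and should be "occurred", "unitialized" in the PK_Encryptor_EME bullet should be "uninitialized", "Coverity scanner" and "Coverity Scanner" are capitalized inconsistently, and the PBES bullet is the only one without a closing period.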