-rw-r--r-- | doc/relnotes/1_10_6.rst | 47 | ||||
-rw-r--r-- | doc/relnotes/index.rst | 2 |
2 files changed, 49 insertions, 0 deletions
diff --git a/doc/relnotes/1_10_6.rst b/doc/relnotes/1_10_6.rst new file mode 100644 index 000000000..241ab801c --- /dev/null +++ b/doc/relnotes/1_10_6.rst 
@@ -0,0 +1,47 @@ +Version 1.10.6, 2013-11-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The device reading entropy source now attempts to read from all + available devices. Previously it would break out early if a partial + read from a blocking source occured, not continuing to read from a + non-blocking device. This would cause the library to fall back on + slower and less reliable techniques for collecting PRNG seed + material. Reported by Rickard Bellgrim. + +* HMAC_RNG (the default PRNG implementation) now automatically reseeds + itself periodically. Previously reseeds only occured on explicit + application request. + +* Fix an encoding error in EC_Group when encoding using EC_DOMPAR_ENC_OID. + Reported by fxdupont on github. + +* In EMSA2 and Randpool, avoid calling name() on objects after deleting them if + the provided algorithm objects are not suitable for use. Found by Clang + analyzer, reported by Jeffrey Walton. + +* If X509_Store was copied, the u32bit containing how long to cache validation + results was not initialized, potentially causing results to be cached for + significant amounts of time. This could allow a certificate to be considered + valid after its issuing CA's cert expired. Expiration of the end-entity cert + is always checked, and reading a CRL always causes the status to be reset, so + this issue does not affect revocation. Found by Coverity scanner. + +* Avoid off by one causing a potentially unterminated string to be passed to + the connect system call if the library was configured to use a very long path + name for the EGD socket. Found by Coverity Scanner. + +* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and PK_Key_Agreement, + avoid dereferencing an unitialized pointer if no engine supported operations + on the key object given. Found by Coverity scanner. + +* Avoid leaking a file descriptor in the /dev/random and EGD entropy sources if + stdin (file descriptor 0) was closed. Found by Coverity scanner. 
+ +* Avoid a potentially undefined operation in the bit rotation operations. Not + known to have caused problems under any existing compiler, but might have + caused problems in the future. Caught by Clang sanitizer, reported by Jeffrey + Walton. + +* Increase default hash iterations from 10000 to 50000 in PBES1 and PBES2 + +* Add a fix for mips64el builds from Brad Smith. diff --git a/doc/relnotes/index.rst b/doc/relnotes/index.rst index c905796ba..83bde48b0 100644 --- a/doc/relnotes/index.rst +++ b/doc/relnotes/index.rst @@ -8,6 +8,7 @@ Series 1.11 .. toctree:: :maxdepth: 1 + 1_11_5 1_11_4 1_11_3 1_11_2 @@ -19,6 +20,7 @@ Series 1.10 .. toctree:: + 1_10_6 1_10_5 1_10_4 1_10_3 |
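Review bot: The X509_Store item in doc/relnotes/1_10_6.rst describes a fix with a security consequence (a certificate could be considered valid after its issuing CA's cert expired), but it sits mid-list with nothing to mark it as such. Consider moving it to the top of the list or labelling it, so that readers scanning the notes can tell this release matters for certificate validation. While touching the file, fix the spelling: "occured" in the entropy source item and again in the HMAC_RNG item should be "occurred", and "unitialized" in the PK_Encryptor_EME item should be "uninitialized". "Coverity scanner" and "Coverity Scanner" should use one casing, and the PBES1/PBES2 item is missing its closing period.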
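Review bot: In the Series 1.11 toctree of doc/relnotes/index.rst, the added "1_11_5" entry has no matching file in this commit; the diffstat lists only doc/relnotes/1_10_6.rst and doc/relnotes/index.rst. If doc/relnotes/1_11_5.rst is not already in the tree, the toctree will reference a nonexistent document and the docs build will warn. Either add that file in this commit or move the "1_11_5" line to the commit that introduces it, since this change is otherwise about 1.10.6.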