From: Eugene Syromiatnikov Date: Tue, 30 Sep 2025 10:03:28 +0000 (+0200) Subject: CHANGES.md: update for 3.0.18 X-Git-Tag: openssl-3.0.18~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=963062dd3a9847ae69ac9c1012e98bdf865d1b69;p=thirdparty%2Fopenssl.git CHANGES.md: update for 3.0.18 3.0.18 CHANGES.md includes the following: * https://github.com/openssl/openssl/pull/28198 * https://github.com/openssl/openssl/pull/28398 * https://github.com/openssl/openssl/pull/28411 * https://github.com/openssl/openssl/pull/28449 Release: Yes Signed-off-by: Eugene Syromiatnikov Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz --- diff --git a/CHANGES.md b/CHANGES.md index 212d66c4647..1875d085b87 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -62,6 +62,27 @@ breaking changes, and mappings for the large list of deprecated functions. *Stanislav Fort* + * Avoided a potential race condition introduced in 3.0.17, where + `OSSL_STORE_CTX` kept open during lookup while potentially being used + by multiple threads simultaneously, that could lead to potential crashes + when multiple concurrent TLS connections are served. + + *Matt Caswell* + + * Secure memory allocation calls are no longer used for HMAC keys. + + *Dr Paul Dale* + + * `openssl req` no longer generates certificates with an empty extension list + when SKID/AKID are set to `none` during generation. + + *David Benjamin* + + * The man page date is now derived from the release date provided + in `VERSION.dat` and not the current date for the released builds. + + *Enji Cooper* + * Hardened the provider implementation of the RSA public key "encrypt" operation to add a missing check that the caller-indicated output buffer size is at least as large as the byte count of the RSA modulus. The issue