From: Neil Horman Date: Tue, 1 Jul 2025 11:21:56 +0000 (-0400) Subject: CHANGES.md / NEWS.md fixups ahead of release X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=HEAD;p=thirdparty%2Fopenssl.git CHANGES.md / NEWS.md fixups ahead of release Release: yes Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/27927) --- diff --git a/CHANGES.md b/CHANGES.md index 441a143a88..44503782db 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -112,6 +112,18 @@ OpenSSL 3.5 ### Changes between 3.5.0 and 3.5.1 [xx XXX xxxx] + * Fix x509 application adds trusted use instead of rejected use. + + Issue summary: Use of -addreject option with the openssl x509 application adds + a trusted use instead of a rejected use for a certificate. + + Impact summary: If a user intends to make a trusted certificate rejected for + a particular use it will be instead marked as trusted for that use. + + ([CVE-2025-4575]) + + *Tomas Mraz* + * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation alert being received. Older versions of OpenSSL failed with DTLS if a no_renegotiation alert was received. All versions of OpenSSL do this for TLS. @@ -21297,6 +21309,7 @@ ndif +[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 diff --git a/NEWS.md b/NEWS.md index 78b872efbd..38bd728999 100644 --- a/NEWS.md +++ b/NEWS.md @@ -36,6 +36,16 @@ changes: * Added an `openssl configutl` utility for processing the openssl configuration file and dumping the equal configuration file. +### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [under development] + +OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this +release is Low. + +This release incorporates the following bug fixes and mitigations: + + * Fix x509 application adds trusted use instead of rejected use. + ([CVE-2025-4575]) + ### Major changes between OpenSSL 3.4 and OpenSSL 3.5 [under development] OpenSSL 3.5.0 is a feature release adding significant new functionality to @@ -1902,7 +1912,7 @@ OpenSSL 0.9.x * Support for various new platforms - +[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119