Release openssl v0.10.48 and openssl-sys v0.9.83 (#1855) (4ff734fe) · Commits · Public Repositories / Rust Openssl

openssl-sys/CHANGELOG.md

+13 −1

Original line number	Diff line number	Diff line
		@@ -2,6 +2,17 @@

		## [Unreleased]

		## [v0.9.83] - 2023-03-23

		### Fixed

		* Fixed version checks for LibreSSL.

		### Added

		* Added `i2d_X509_EXTENSION`.
		* Added `GENERAL_NAME_new`.

		## [v0.9.82] - 2023-03-19

		### Added
		@@ -399,7 +410,8 @@ Fixed builds against OpenSSL built with `no-cast`.
		* Added `X509_verify` and `X509_REQ_verify`.
		* Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`.

		[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.82..master
		[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.83..master
		[v0.9.83]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.82...openssl-sys-v0.9.83
		[v0.9.82]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.81...openssl-sys-v0.9.82
		[v0.9.81]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.80...openssl-sys-v0.9.81
		[v0.9.80]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.79...openssl-sys-v0.9.80

openssl-sys/Cargo.toml

+1 −1

Original line number	Diff line number	Diff line
		[package]
		name = "openssl-sys"
		version = "0.9.82"
		version = "0.9.83"
		authors = [
		"Alex Crichton <alex@alexcrichton.com>",
		"Steven Fackler <sfackler@gmail.com>",

openssl/CHANGELOG.md

+12 −1

Original line number	Diff line number	Diff line
		@@ -2,6 +2,16 @@

		## [Unreleased]

		## [v0.10.48] - 2023-03-23

		### Fixed

		* Fixed injection vulnerabilities where OpenSSL's configuration mini-language could be used via `x509::extension::SubjectAlternativeName` and `x509::extension::ExtendedKeyUsage`. The mini-language can read arbitrary files amongst other things.
		* As part of fixing this `SubjectAlternativeName::dir_name` and `SubjectAlternativeName::other_name` are deprecated and their implementations always `panic!`. If you have a use case for these, please file an issue.
		* Fixed several NULL pointer dereferences in OpenSSL that could be triggered via `x509::X509Extension::new` and `x509::X509Extension::new_nid`. Note that these methods still accept OpenSSL's configuration mini-language, and therefore should not be used with untrusted data.
		* Fixed a data-race with `x509::X509Name` that are created with `x509::X509NameBuilder` and then used concurrently.
		* Fixed LibreSSL version checking. More functions should now be correctly available on LibreSSL.

		## [v0.10.47] - 2023-03-19

		### Added
		@@ -697,7 +707,8 @@

		Look at the [release tags] for information about older releases.

		[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.47...master
		[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...master
		[v0.10.48]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.47...openssl-v0.10.48
		[v0.10.47]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.46...openssl-v0.10.47
		[v0.10.46]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.46
		[v0.10.45]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.44...openssl-v0.10.45

openssl/Cargo.toml

+2 −2

Original line number	Diff line number	Diff line
		[package]
		name = "openssl"
		version = "0.10.47"
		version = "0.10.48"
		authors = ["Steven Fackler <sfackler@gmail.com>"]
		license = "Apache-2.0"
		description = "OpenSSL bindings"
		@@ -30,7 +30,7 @@ libc = "0.2"
		once_cell = "1.5.2"

		openssl-macros = { version = "0.1.0", path = "../openssl-macros" }
		ffi = { package = "openssl-sys", version = "0.9.82", path = "../openssl-sys" }
		ffi = { package = "openssl-sys", version = "0.9.83", path = "../openssl-sys" }

		[dev-dependencies]
		hex = "0.3"