News

SQLiteSpy v1.9.26
- Update the built-in database engine to SQLite 3.47.0, DISQLite3 v5.50.0.
- Add the stmtrand() SQL function extension.

YuOpenSSL-3.3 v1.0.0 New!
- First release of YuOpenSSL-3.3 based on OpenSSL 3.3.1.

YuOpenSSL-3.3 v1.0.1
- Update to OpenSSL 3.3.2.
  - Fixed possible denial of service in X.509 name checks (CVE-2024-6119).
  - Fixed possible buffer overread in SSL_select_next_proto (CVE-2024-5535).

YuOpenSSL-3.0 v1.3.4
- Update to OpenSSL 3.0.15.
  - Fixed possible denial of service in X.509 name checks (CVE-2024-6119).
  - Fixed possible buffer overread in SSL_select_next_proto (CVE-2024-5535).

YuXMLSec v1.0.3
- Update to XMLSec 1.2.37.
  - Migration to OpenSSL 3.0 APIs. Needs YuOpenSSL-3.0 v1.2.6 or later.
  - Several smaller fixes.

YuOpenSSL-3.0 v1.2.5
- Update to OpenSSL 3.0.7 (OpenSSL 3.0.6 was withdrawn by the OpenSSL developers).
  - Fixed two high vulnerability buffer overflows in punycode decoding functions, CVE-2022-3786 and CVE-2022-3602.
  - Added RIPEMD160 to the default provider.
  - Other minor bug fixes.

YuOpenSSL-3.0 v1.2.3
- Update to OpenSSL 3.0.5.
  - Fix BN_gcd() to check return value when calling BN_one().
  - Add a check for the return of i2s_ASN1_INTEGER().
  - Fix X509v3_addr_add_range(), X509v3_addr_canonize(), and X509v3_addr_is_canonical() to return the correct result.
  - Fix memory leak in EC_GROUP_new_from_ecparameters().
  - Add and improve various checks.

YuOpenSSL-3.0 v1.2.3
- Update to OpenSSL 3.0.4.
  - Minor bug fixes.
  - Add some constants and functions, mainly related to EVP_KEYEXCH… and X509v3_addr….

YuOpenSSL-3.0 v1.2.2
- Fix OpenSSL version reported by OpenSSL_version…() functions and constants like OPENSSL_FULL_VERSION_STR.

YuOpenSSL-3.0 v1.2.1
- Update to OpenSSL 3.0.3.
  - Fixed a bug in the OCSP_basic_verify() function that verifies the signer certificate on an OCSP response.
  - Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key.
  - Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory occuppied by the removed hash table entries.

YuOpenSSL-3.0 v1.2.0
- Update to OpenSSL 3.0.2.
  - Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever for non-prime moduli (CVE-2022-0778).
  - Add ciphersuites based on DHE_PSK and ECDHE_PSK to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL >= 3.
  - Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty passphrase strings.
- Add OCSP API functions for Internet Component Suite (ICS).

YuOpenSSL-3.0 v1.3.2
- Update to OpenSSL 3.0.14.
  - Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741).
  - Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603).
  - Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511).

YuOpenSSL-3.0 v1.3.1
- Update to OpenSSL 3.0.13.
  - Fixed PKCS12 Decoding crashes (CVE-2024-0727).
  - Fixed Excessive time spent checking invalid RSA public keys (CVE-2023-6237).
  - Fix excessive time spent in DH check / generation with large Q parameter value (CVE-2023-5678).

YuOpenSSL-3.0 v1.2.13
- Update to OpenSSL 3.0.12.
  - Fix CVE-2023-5363: Mitigate incorrect resize handling for symmetric cipher keys and IVs.

YuOpenSSL-3.0 v1.2.11
- Update to OpenSSL 3.0.10.
  - Fix CVE-2023-3817: Excessive time spent checking DH q parameter value.

YuOpenSSL-3.0 v1.2.9
- Fix CVE-2023-2975: AES-SIV implementation ignores empty associated data entries.
- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters.

YuOpenSSL-3.0 v1.2.11
- Update to OpenSSL 3.0.10.
  - Fix CVE-2023-3817: Excessive time spent checking DH q parameter value.

YuOpenSSL-3.0 v1.2.8
- Add APIs for YuXMLSec v1.1.0.
- Cherry pick low severity CVE fixes.