As well as normal reviews, responding to user queries, wiki user
requests, OMC business, support customer issues, CLA submissions,
handling security reports, etc., key activities this month:
- Implemented the (extended) patch CVE-2021-3712 as well as significant
analysis time spent on this issue
- Analysed and developed the patch for CVE-2021-3711
- Co-ordinated and performed the security release for OpenSSL 1.1.1l and
OpenSSL 1.0.2za
- Investigated, created reproducer for, and subsequently developed the
fix for an issue where leaks occurred due to loading the config file
into the same libctx twice
- Investigated with Tomas problems with the clacheck script following
the removal of the "license"host
- Significant investigation work for OMC related tasks
- Updates to the release instructions following problems with the last
release
- Helped investigate a solaris linking issue
- Fixed a bug where we need to check the asn.1 type of an "otherName"
before we attempt to read it
- Refactored and rationalized provider locking to deal with "lock
inversion" errors being reported from thread sanitizer
Matt
