In IKEv1 Quick Mode make sure that a proposal exists before determining lifetimes (fixes a crash due to a null-pointer dereference in 5.8.3, cb26c5547c).
OpenSSL currently doesn't support squeezing bytes out of a SHAKE128/256 XOF (support was added with 5.8.3) multiple times. Unfortunately, EVP_DigestFinalXOF() completely resets the context and later calls not simply fail, they cause a null-pointer dereference in libcrypto. c5c1898d73 fixes the crash at the cost of repeating initializing the whole state and allocating too much data for subsequent calls (hopefully, once the OpenSSL issue 7894 is resolved we can implement this more efficiently).
On 32-bit platforms, reading arbitrary 32-bit integers from config files (e.g. for charon.spi_min/max) has been fixed (99bef7b686).