update release notesv2.6.2

author: Brent Cook <bcook@openbsd.org> 2017-09-25 23:06:21 -0500
committer: Brent Cook <bcook@openbsd.org> 2017-09-25 23:06:21 -0500
commit: 07b9f6c37148ff87043a8372ee460fbf45446c85 (patch)
tree: 67e385b32146b2f8aaf02fc66dcecd4f4632a571
parent: 6054891d433bb03059bed9d3caf4fe0193aef384 (diff)
download: portable-2.6.2.tar.gz
portable-2.6.2.tar.bz2
portable-2.6.2.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 37ba6cd..84a5c87 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,28 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.6.2 - Bug fixes
+        * Provide a useful error with libtls if there are no OCSP URLs in a
+          peer certificate.
+        * Keep track of which keypair is in use by a TLS context, fixing a bug
+          where a TLS server with SNI would only return the OCSP staple for the
+          default keypair. Issue reported by William Graeber and confirmed by
+          Andreas Bartelt.
+        * Fixed various issues in the OCSP extension parsing code.
+          The original code incorrectly passes the pointer allocated via
+          CBS_stow() (using malloc()) to a d2i_*() function and then calls
+          free() on the now incremented pointer, most likely resulting in a
+          crash. This issue was reported by Robert Swiecki who found the issue
+          using honggfuzz.
+        * If tls_config_parse_protocols() is called with a NULL pointer,
+          return the default protocols instead of crashing - this makes the
+          behaviour more useful and mirrors what we already do in
+          tls_config_set_ciphers() et al.
 2.6.1 - Code removal, rewrites
        * Added a "-T tlscompat" option to nc(1), which enables the use of all
author	Brent Cook <bcook@openbsd.org>	2017-09-25 23:06:21 -0500
committer	Brent Cook <bcook@openbsd.org>	2017-09-25 23:06:21 -0500
commit	07b9f6c37148ff87043a8372ee460fbf45446c85 (patch)
tree	67e385b32146b2f8aaf02fc66dcecd4f4632a571
parent	6054891d433bb03059bed9d3caf4fe0193aef384 (diff)
download	portable-2.6.2.tar.gz portable-2.6.2.tar.bz2 portable-2.6.2.zip

diff --git a/ChangeLog b/ChangeLog index 37ba6cd..84a5c87 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,28 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.6.2 - Bug fixes
		32
		33	* Provide a useful error with libtls if there are no OCSP URLs in a
		34	peer certificate.
		35
		36	* Keep track of which keypair is in use by a TLS context, fixing a bug
		37	where a TLS server with SNI would only return the OCSP staple for the
		38	default keypair. Issue reported by William Graeber and confirmed by
		39	Andreas Bartelt.
		40
		41	* Fixed various issues in the OCSP extension parsing code.
		42	The original code incorrectly passes the pointer allocated via
		43	CBS_stow() (using malloc()) to a d2i_*() function and then calls
		44	free() on the now incremented pointer, most likely resulting in a
		45	crash. This issue was reported by Robert Swiecki who found the issue
		46	using honggfuzz.
		47
		48	* If tls_config_parse_protocols() is called with a NULL pointer,
		49	return the default protocols instead of crashing - this makes the
		50	behaviour more useful and mirrors what we already do in
		51	tls_config_set_ciphers() et al.
		52
31	2.6.1 - Code removal, rewrites	53	2.6.1 - Code removal, rewrites
32		54
33	* Added a "-T tlscompat" option to nc(1), which enables the use of all	55	* Added a "-T tlscompat" option to nc(1), which enables the use of all