update changelog for 2.4.4v2.4.4

author: Brent Cook <bcook@openbsd.org> 2016-11-06 09:21:40 -0600
committer: Brent Cook <bcook@openbsd.org> 2016-11-06 09:21:40 -0600
commit: 9a5e2f16865ab3f17aae5c88035a4f993c808777 (patch)
tree: 5f093e0aefd639e6fc1bd365bed870adc2e6e9d9
parent: c4ebe2518ce876c71ed82562489081df8891afd8 (diff)
download: portable-2.4.4.tar.gz
portable-2.4.4.tar.bz2
portable-2.4.4.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 0c5a934..743f8c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,27 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.4.4 - Reliability improvements
+        * Avoid continual processing of an unlimited number of TLS records,
+          which can cause a denial-of-service condition.
+        * In X509_cmp_time(), pass asn1_time_parse() the tag of the field
+          being parsed so that a malformed GeneralizedTime field is recognized as
+          an error instead of potentially being interpreted as if it was a valid
+          UTCTime.
+        * Improve ticket validity checking when tlsext_ticket_key_cb()
+          callback chooses a different HMAC algorithm.
+        * Check for packets with a truncated DTLS cookie.
+        * Detect zero-length encrypted session data early, instead of when
+          malloc(0) fails or the HMAC check fails.
+        * Check for and handle failure of HMAC_{Update,Final} or
+          EVP_DecryptUpdate()
 2.4.3 - Bug fixes and reliability improvements
        * Reverted change that cleans up the EVP cipher context in
author	Brent Cook <bcook@openbsd.org>	2016-11-06 09:21:40 -0600
committer	Brent Cook <bcook@openbsd.org>	2016-11-06 09:21:40 -0600
commit	9a5e2f16865ab3f17aae5c88035a4f993c808777 (patch)
tree	5f093e0aefd639e6fc1bd365bed870adc2e6e9d9
parent	c4ebe2518ce876c71ed82562489081df8891afd8 (diff)
download	portable-2.4.4.tar.gz portable-2.4.4.tar.bz2 portable-2.4.4.zip

diff --git a/ChangeLog b/ChangeLog index 0c5a934..743f8c0 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,27 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.4.4 - Reliability improvements
		32
		33	* Avoid continual processing of an unlimited number of TLS records,
		34	which can cause a denial-of-service condition.
		35
		36	* In X509_cmp_time(), pass asn1_time_parse() the tag of the field
		37	being parsed so that a malformed GeneralizedTime field is recognized as
		38	an error instead of potentially being interpreted as if it was a valid
		39	UTCTime.
		40
		41	* Improve ticket validity checking when tlsext_ticket_key_cb()
		42	callback chooses a different HMAC algorithm.
		43
		44	* Check for packets with a truncated DTLS cookie.
		45
		46	* Detect zero-length encrypted session data early, instead of when
		47	malloc(0) fails or the HMAC check fails.
		48
		49	* Check for and handle failure of HMAC_{Update,Final} or
		50	EVP_DecryptUpdate()
		51
31	2.4.3 - Bug fixes and reliability improvements	52	2.4.3 - Bug fixes and reliability improvements
32		53
33	* Reverted change that cleans up the EVP cipher context in	54	* Reverted change that cleans up the EVP cipher context in