update changelog for 2.5.2

author: Brent Cook <bcook@openbsd.org> 2017-03-25 17:19:25 -0500
committer: Brent Cook <bcook@openbsd.org> 2017-03-25 17:19:25 -0500
commit: 19cf5c9b01b717564b472d2704154d8b9a749e49 (patch)
tree: 32306bef6acdf26efe672ae661a9ef87ed7e9751
parent: 570717c4888ba20ecb24ef873dd9647caad69685 (diff)
download: portable-19cf5c9b01b717564b472d2704154d8b9a749e49.tar.gz
portable-19cf5c9b01b717564b472d2704154d8b9a749e49.tar.bz2
portable-19cf5c9b01b717564b472d2704154d8b9a749e49.zip
1 files changed, 37 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index cb192f9..ddb09b0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,41 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.5.2 - Security features and bugfixes
+        * Improved portability of ocspcheck(1)
+        * Fixed assorted memory leaks and error handling.
+        * Removed STREEBOG 512 MAC
+        * Addednew root CAs from SECOM Trust Systems / Security Communication
+          of Japan
+        * Added EVP interface for MD5+SHA1 hashes
+        * Fixed DTLS client failures when the server sends a certificate
+          request.
+        * Many new regression tests
+        * Correct handling of padding when upgrading an SSLv2 challenge into
+          an SSLv3/TLS connection.
+        * Added recallocarray(1) memory allocation function, converted various
+          places in the library to use it, such as CBB and BUF_MEM_grow.
+          This function ensures that when a private memory buffer is resized,
+          freed memory is explicitly cleared before being returned to the
+          heap.
+        * Allow protocols and ciphers to be set on a TLS config object in
+          libtls.
+        * Improved nc(1) TLS handshake CPU usage and server-side error
+          reporting.
+        * Removed handshake digest code and replaced with handshake hash.
 2.5.1 - Bug and security fixes, new features, documentation updates
        * X509_cmp_time() now passes a malformed GeneralizedTime field as an
@@ -75,10 +110,10 @@ LibreSSL Portable Release Notes:
          SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
          SSL{_CTX}_set1_curves{_list} names. This also changes the default
          list of curves to be X25519, P-256 and P-384. All other curves must
-          be manually enabled.
+          be manually enabled.
        * Added -groups option to openssl(1) s_client for specifying the curves
-          to be used in a colon-separated list.
+          to be used in a colon-separated list.
        * Merged client/server version negotiation code paths into one,
          reducing much duplicate code.
author	Brent Cook <bcook@openbsd.org>	2017-03-25 17:19:25 -0500
committer	Brent Cook <bcook@openbsd.org>	2017-03-25 17:19:25 -0500
commit	19cf5c9b01b717564b472d2704154d8b9a749e49 (patch)
tree	32306bef6acdf26efe672ae661a9ef87ed7e9751
parent	570717c4888ba20ecb24ef873dd9647caad69685 (diff)
download	portable-19cf5c9b01b717564b472d2704154d8b9a749e49.tar.gz portable-19cf5c9b01b717564b472d2704154d8b9a749e49.tar.bz2 portable-19cf5c9b01b717564b472d2704154d8b9a749e49.zip

diff --git a/ChangeLog b/ChangeLog index cb192f9..ddb09b0 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,41 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.5.2 - Security features and bugfixes
		32
		33	* Improved portability of ocspcheck(1)
		34
		35	* Fixed assorted memory leaks and error handling.
		36
		37	* Removed STREEBOG 512 MAC
		38
		39	* Addednew root CAs from SECOM Trust Systems / Security Communication
		40	of Japan
		41
		42	* Added EVP interface for MD5+SHA1 hashes
		43
		44	* Fixed DTLS client failures when the server sends a certificate
		45	request.
		46
		47	* Many new regression tests
		48
		49	* Correct handling of padding when upgrading an SSLv2 challenge into
		50	an SSLv3/TLS connection.
		51
		52	* Added recallocarray(1) memory allocation function, converted various
		53	places in the library to use it, such as CBB and BUF_MEM_grow.
		54	This function ensures that when a private memory buffer is resized,
		55	freed memory is explicitly cleared before being returned to the
		56	heap.
		57
		58	* Allow protocols and ciphers to be set on a TLS config object in
		59	libtls.
		60
		61	* Improved nc(1) TLS handshake CPU usage and server-side error
		62	reporting.
		63
		64	* Removed handshake digest code and replaced with handshake hash.
		65
31	2.5.1 - Bug and security fixes, new features, documentation updates	66	2.5.1 - Bug and security fixes, new features, documentation updates
32		67
33	* X509_cmp_time() now passes a malformed GeneralizedTime field as an	68	* X509_cmp_time() now passes a malformed GeneralizedTime field as an
@@ -75,10 +110,10 @@ LibreSSL Portable Release Notes:
75	SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous	110	SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
76	SSL{_CTX}_set1_curves{_list} names. This also changes the default	111	SSL{_CTX}_set1_curves{_list} names. This also changes the default
77	list of curves to be X25519, P-256 and P-384. All other curves must	112	list of curves to be X25519, P-256 and P-384. All other curves must
78	be manually enabled.	113	be manually enabled.
79		114
80	* Added -groups option to openssl(1) s_client for specifying the curves	115	* Added -groups option to openssl(1) s_client for specifying the curves
81	to be used in a colon-separated list.	116	to be used in a colon-separated list.
82		117
83	* Merged client/server version negotiation code paths into one,	118	* Merged client/server version negotiation code paths into one,
84	reducing much duplicate code.	119	reducing much duplicate code.