update changelog

author: Brent Cook <bcook@openbsd.org> 2016-09-23 06:13:08 -0500
committer: Brent Cook <bcook@openbsd.org> 2016-09-23 06:13:08 -0500
commit: 9ba1224ed47edfdfbf93d6bc46535f45bb9de343 (patch)
tree: d773de0f37f17cc24ef3949be48ddec1945774ae
parent: a89681418780095c3a8d0786bedfa43e4afb2349 (diff)
download: portable-9ba1224ed47edfdfbf93d6bc46535f45bb9de343.tar.gz
portable-9ba1224ed47edfdfbf93d6bc46535f45bb9de343.tar.bz2
portable-9ba1224ed47edfdfbf93d6bc46535f45bb9de343.zip
1 files changed, 50 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 0c5a934..cf2604e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,7 +28,56 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
-2.4.3 - Bug fixes and reliability improvements
+2.5.0 - New APIs, bug fixes and improvements
+        * libtls now supports ALPN and SNI
+        * libtls adds a new callback interface for integrating custom IO
+          functions. Thanks to Tobias Pape.
+        * libtls now handles 4 cipher suite groups:
+            "secure" (TLSv1.2+AEAD+PFS)
+            "compat" (HIGH:!aNULL)
+            "legacy" (HIGH:MEDIUM:!aNULL)
+            "insecure" (ALL:!aNULL:!eNULL)
+            This allows for flexibility and finer grained control, rather than
+            having two extremes (an issue raised by Marko Kreen some time ago).
+        * Tightened error handling for tls_config_set_ciphers().
+        * libtls now always loads CA, key and certificate files at the time the
+          configuration function is called. This simplifies code and results in
+          a single memory based code path being used to provide data to libssl.
+        * Add support for OCSP intermediate certificates.
+        * Improved behavior of arc4random on Windows when using memory leak
+          analysis software.
+        * Added initial support for iOS, thanks to Jacob Berkman.
+        * Correctly handle an EOF that occurs prior to the TLS handshake
+          completing. Reported by Vasily Kolobkov, based on a diff from Marko
+          Kreen.
+        * Limit the support of the "backward compatible" ssl2 handshake to
+          only be used if TLS 1.0 is enabled.
+        * Fix incorrect results in certain cases on 64-bit systems when
+          BN_mod_word() can return incorrect results. BN_mod_word() now can
+          return an error condition. Thanks to Brian Smith.
+        * Added constant-time updates to address CVE-2016-0702
+        * Fixed undefined behavior in BN_GF2m_mod_arr()
+        * Removed unused Cryptographic Message Support (CMS)
+        * More conversions of long long idioms to time_t
+        * Improved compatibility by avoiding printing NULL strings with
+          printf.
        * Reverted change that cleans up the EVP cipher context in
          EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
author	Brent Cook <bcook@openbsd.org>	2016-09-23 06:13:08 -0500
committer	Brent Cook <bcook@openbsd.org>	2016-09-23 06:13:08 -0500
commit	9ba1224ed47edfdfbf93d6bc46535f45bb9de343 (patch)
tree	d773de0f37f17cc24ef3949be48ddec1945774ae
parent	a89681418780095c3a8d0786bedfa43e4afb2349 (diff)
download	portable-9ba1224ed47edfdfbf93d6bc46535f45bb9de343.tar.gz portable-9ba1224ed47edfdfbf93d6bc46535f45bb9de343.tar.bz2 portable-9ba1224ed47edfdfbf93d6bc46535f45bb9de343.zip

diff --git a/ChangeLog b/ChangeLog index 0c5a934..cf2604e 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,7 +28,56 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
31	2.4.3 - Bug fixes and reliability improvements	31	2.5.0 - New APIs, bug fixes and improvements
		32
		33	* libtls now supports ALPN and SNI
		34
		35	* libtls adds a new callback interface for integrating custom IO
		36	functions. Thanks to Tobias Pape.
		37
		38	* libtls now handles 4 cipher suite groups:
		39	"secure" (TLSv1.2+AEAD+PFS)
		40	"compat" (HIGH:!aNULL)
		41	"legacy" (HIGH:MEDIUM:!aNULL)
		42	"insecure" (ALL:!aNULL:!eNULL)
		43
		44	This allows for flexibility and finer grained control, rather than
		45	having two extremes (an issue raised by Marko Kreen some time ago).
		46
		47	* Tightened error handling for tls_config_set_ciphers().
		48
		49	* libtls now always loads CA, key and certificate files at the time the
		50	configuration function is called. This simplifies code and results in
		51	a single memory based code path being used to provide data to libssl.
		52
		53	* Add support for OCSP intermediate certificates.
		54
		55	* Improved behavior of arc4random on Windows when using memory leak
		56	analysis software.
		57
		58	* Added initial support for iOS, thanks to Jacob Berkman.
		59
		60	* Correctly handle an EOF that occurs prior to the TLS handshake
		61	completing. Reported by Vasily Kolobkov, based on a diff from Marko
		62	Kreen.
		63
		64	* Limit the support of the "backward compatible" ssl2 handshake to
		65	only be used if TLS 1.0 is enabled.
		66
		67	* Fix incorrect results in certain cases on 64-bit systems when
		68	BN_mod_word() can return incorrect results. BN_mod_word() now can
		69	return an error condition. Thanks to Brian Smith.
		70
		71	* Added constant-time updates to address CVE-2016-0702
		72
		73	* Fixed undefined behavior in BN_GF2m_mod_arr()
		74
		75	* Removed unused Cryptographic Message Support (CMS)
		76
		77	* More conversions of long long idioms to time_t
		78
		79	* Improved compatibility by avoiding printing NULL strings with
		80	printf.
32		81
33	* Reverted change that cleans up the EVP cipher context in	82	* Reverted change that cleans up the EVP cipher context in
34	EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the	83	EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the