add 2.5.4 changelog

author: Brent Cook <bcook@openbsd.org> 2017-04-30 20:59:06 -0500
committer: Brent Cook <bcook@openbsd.org> 2017-04-30 20:59:06 -0500
commit: b09eba6ae24b40ed6b2dd1a2847336e02952d985 (patch)
tree: 19754187360522cdf7084dc89493449384d32d8d
parent: c402f3877de23999758b86c7a34ffbfd86784adb (diff)
download: portable-b09eba6ae24b40ed6b2dd1a2847336e02952d985.tar.gz
portable-b09eba6ae24b40ed6b2dd1a2847336e02952d985.tar.bz2
portable-b09eba6ae24b40ed6b2dd1a2847336e02952d985.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 08eac86..ce73da7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,28 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.5.4 - Security Updates
+        * Revert a previous change that forced consistency between return
+          value and error code when specifing a certificate verification
+          callback, since this breaks the documented API. When a user supplied
+          callback always returns 1, and later code checks the error code to
+          potentially abort post verification, this will result in incorrect
+          successul certificate verification.
+        * Switched Linux getrandom() usage to non-blocking mode, continuing to
+          use fallback mechanims if unsuccessful. This works around a design
+          flaw in Linux getrandom(2) where early boot usage in a library makes
+          it impossible to recover if getrandom(2) is not yet initialized.
+        * Fixed a bug caused by the return value being set early to signal
+          successful DTLS cookie validation. This can mask a later failure and
+          result in a positive return value being returned from
+          ssl3_get_client_hello(), when it should return a negative value to
+          propagate the error.
+        * Fixed a build error on non-x86/x86_64 systems running Solaris.
 2.5.3 - OpenBSD 6.1 Release
        * Documentation updates
author	Brent Cook <bcook@openbsd.org>	2017-04-30 20:59:06 -0500
committer	Brent Cook <bcook@openbsd.org>	2017-04-30 20:59:06 -0500
commit	b09eba6ae24b40ed6b2dd1a2847336e02952d985 (patch)
tree	19754187360522cdf7084dc89493449384d32d8d
parent	c402f3877de23999758b86c7a34ffbfd86784adb (diff)
download	portable-b09eba6ae24b40ed6b2dd1a2847336e02952d985.tar.gz portable-b09eba6ae24b40ed6b2dd1a2847336e02952d985.tar.bz2 portable-b09eba6ae24b40ed6b2dd1a2847336e02952d985.zip

diff --git a/ChangeLog b/ChangeLog index 08eac86..ce73da7 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,28 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.5.4 - Security Updates
		32
		33	* Revert a previous change that forced consistency between return
		34	value and error code when specifing a certificate verification
		35	callback, since this breaks the documented API. When a user supplied
		36	callback always returns 1, and later code checks the error code to
		37	potentially abort post verification, this will result in incorrect
		38	successul certificate verification.
		39
		40	* Switched Linux getrandom() usage to non-blocking mode, continuing to
		41	use fallback mechanims if unsuccessful. This works around a design
		42	flaw in Linux getrandom(2) where early boot usage in a library makes
		43	it impossible to recover if getrandom(2) is not yet initialized.
		44
		45	* Fixed a bug caused by the return value being set early to signal
		46	successful DTLS cookie validation. This can mask a later failure and
		47	result in a positive return value being returned from
		48	ssl3_get_client_hello(), when it should return a negative value to
		49	propagate the error.
		50
		51	* Fixed a build error on non-x86/x86_64 systems running Solaris.
		52
31	2.5.3 - OpenBSD 6.1 Release	53	2.5.3 - OpenBSD 6.1 Release
32		54
33	* Documentation updates	55	* Documentation updates