Update initial changelog for 2.1.4

author: Brent Cook <bcook@openbsd.org> 2015-02-22 18:06:46 -0600
committer: Brent Cook <bcook@openbsd.org> 2015-02-22 18:06:46 -0600
commit: 2c5ac47db473503689bec13671b1c5e67133ac33 (patch)
tree: 278c7b427f6e28d60d1c6124273293eb7ab33714 /ChangeLog
parent: 329df39a13555f998da6181c4230acb8f4a4386a (diff)
download: portable-2c5ac47db473503689bec13671b1c5e67133ac33.tar.gz
portable-2c5ac47db473503689bec13671b1c5e67133ac33.tar.bz2
portable-2c5ac47db473503689bec13671b1c5e67133ac33.zip
1 files changed, 39 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index a855ff1..268f074 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,45 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.1.4 - Security and feature updates
+        * Improvements to libtls:
+          * a new API for loading CA chains directly from memory instead of a
+            file, allowing verification with privilege separation in a chroot
+            without direct access to CA certificate files.
+          * Ciphers default to TLSv1.2 with AEAD and PFS.
+          * Improved error handling and message generation
+          * New APIs and improved documentation
+        * Added X509_STORE_load_mem API for loading certificates from memory.
+          This facilitates accessing certificates from a chrooted environment.
+        * New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
+          using 'TLSv1.2+AEAD' as the cipher selection string.
+        * Dead and disabled code removal including MD5, Netscape workarounds,
+          non-POSIX IO, SCTP, RFC 3779 support, many #if 0 sections, and more.
+        * ASN1 macro maze expanded to aid reading and searching the code.
+        * NULL pointer asserts removed in favor of letting the OS/signal
+          handler catch them.
+        * Refactored argument handling in openssl(1) for consistency and
+          maintainability.
+        * New openssl(1) command 'certhash' replaces the c_rehash script.
+        * Support for building with OPENSSL_NO_DEPRECATED
+        * Dozens of issues found with the Coverity scanner fixed.
+        * Server-side support for TLS_FALLBACK_SCSV for compatibility with
+          various auditor and vulnerability scanners.
 2.1.3 - Security update and OS support improvements
        * Fixed various memory leaks in DTLS, including fixes for
          CVE-2015-0206.
author	Brent Cook <bcook@openbsd.org>	2015-02-22 18:06:46 -0600
committer	Brent Cook <bcook@openbsd.org>	2015-02-22 18:06:46 -0600
commit	2c5ac47db473503689bec13671b1c5e67133ac33 (patch)
tree	278c7b427f6e28d60d1c6124273293eb7ab33714 /ChangeLog
parent	329df39a13555f998da6181c4230acb8f4a4386a (diff)
download	portable-2c5ac47db473503689bec13671b1c5e67133ac33.tar.gz portable-2c5ac47db473503689bec13671b1c5e67133ac33.tar.bz2 portable-2c5ac47db473503689bec13671b1c5e67133ac33.zip

diff --git a/ChangeLog b/ChangeLog index a855ff1..268f074 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,45 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.1.4 - Security and feature updates
		32	* Improvements to libtls:
		33
		34	* a new API for loading CA chains directly from memory instead of a
		35	file, allowing verification with privilege separation in a chroot
		36	without direct access to CA certificate files.
		37
		38	* Ciphers default to TLSv1.2 with AEAD and PFS.
		39
		40	* Improved error handling and message generation
		41
		42	* New APIs and improved documentation
		43
		44	* Added X509_STORE_load_mem API for loading certificates from memory.
		45	This facilitates accessing certificates from a chrooted environment.
		46
		47	* New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
		48	using 'TLSv1.2+AEAD' as the cipher selection string.
		49
		50	* Dead and disabled code removal including MD5, Netscape workarounds,
		51	non-POSIX IO, SCTP, RFC 3779 support, many #if 0 sections, and more.
		52
		53	* ASN1 macro maze expanded to aid reading and searching the code.
		54
		55	* NULL pointer asserts removed in favor of letting the OS/signal
		56	handler catch them.
		57
		58	* Refactored argument handling in openssl(1) for consistency and
		59	maintainability.
		60
		61	* New openssl(1) command 'certhash' replaces the c_rehash script.
		62
		63	* Support for building with OPENSSL_NO_DEPRECATED
		64
		65	* Dozens of issues found with the Coverity scanner fixed.
		66
		67	* Server-side support for TLS_FALLBACK_SCSV for compatibility with
		68	various auditor and vulnerability scanners.
		69
31	2.1.3 - Security update and OS support improvements	70	2.1.3 - Security update and OS support improvements
32	* Fixed various memory leaks in DTLS, including fixes for	71	* Fixed various memory leaks in DTLS, including fixes for
33	CVE-2015-0206.	72	CVE-2015-0206.